mirror of
https://github.com/utoni/nDPId.git
synced 2026-05-05 19:15:06 +00:00
80e1eedbef
* Fixed invalid array subscript typ0 (caused some trouble..) * bump libnDPI to 2cd0479204301c50c6149706fcd4df3058b2a8cc Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
31 lines
12 KiB
Text
31 lines
12 KiB
Text
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255}
|
|
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
|
|
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"}
|
|
01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
|
|
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}}
|
|
00968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="}
|
|
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":7,"flow_first_seen":1258162014557,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1494,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
|
|
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1258165452647,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
|
|
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258165452647,"pkt":"AAAMB6wcAFBWmXinCABFAAA0LcAAAIAGZjQKRIl2CgMJEx+bnrjjt2XlI9vFB4AS+vA0cwACAgQFtAEDAwABAQQC"}
|
|
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1258165452652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAAoGsxAADwGfTQKAwkTCkSJdp64H5sj28UH47dl5lAQwhBWHwAAAAAAAAAA"}
|
|
01077{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"ts_msec":1258165452669,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
|
|
00204{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542}
|
|
01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1258165452676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":739,"pkt_l4_len":705,"ts_msec":1258165452676,"pkt":"AAAMB6wcAFBWmXinCABFAALVLctAAIAGI4gKRIl2CgMJEx+bnrjjt2XmI9vHEVAY+OaplwAASFdUUC8xLjEgNTAwIElucGVybmFsIFNlcnZlciBFcnJvcg0KRGF0ZTogU2F0LCAxNCBOb3YgMjAwOSAwMjoyNDo0OCBHTVQNClNlcnZlcjogU3VuIEdsYXNzRmlzaCBFbnRlcnByaXNlIFNlcnZlciB2Mi4xDQpYLVBvd2VyZWQtQnk6IFNlcnZsZXQvMi41DQpDb250ZW50LVR5cGU6IHRleHQveG1sO2NoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1MZW5ndGg6IDQ1Nw0KQ2+4bmVjdGlvbjogY2xvc2UNCg0KPD94bWwgdmVyc2l\/bj0iMS4wIiA\/PjxTOkVudmVsb3BlIHhtbG6pOlM9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXBvZW52ZWxvcGUvIj48UzpCb2R5PnJTOkZhdWx0IHhtbG5zOm5zND0iaHR0cDovL3d3dy53My5vcmcvMjAwMy8wNZdzeGFwLWVudmVsb3BlIj48ZmF1bHRjb2RlPlM6U2VydmVyPC9mYXVsdGNvZGU+PGZhdWx0c3RyaW5nPjwvZmF1bHRzdHJpbmc+PGRldGFpbD48bnMyOlJlbW90ZUFwY0V4Y2VwdGlvbiB4bWxuczpuczI9InVyaTovL2FsY2F0ZWwuY29tL2FwYy8yLjAiPjxtZXNzYWdlPlRoZSB0ZW1wbGF0ZSBpcyBub3QgY29uZmlndXJlZCBvbiB0aGlzIHBvcnQ8L21lc3NhZ2U+PGVycm9yQ29kZT5URU1QTElURV9OT1RfQ09ORklHVVJFRDwvZXJMb3JDb2RlPjwvbnMyOlJlbW90ZUFwY0V4Y2VwdGlvbj48L2RldGFpbD48L1M6RmHSbHQ+PC9TOkI3ZHk+PC9TOkVudmVsb3BlPg=="}
|
|
00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
|
|
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
|
|
00187{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","total-events-serialized":16}
|
|
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
|
|
~~ packets captured/processed: 14/13
|
|
~~ skipped flows.............: 0
|
|
~~ total layer4 data length..: 2179 bytes
|
|
~~ total detected protocols..: 1
|
|
~~ total active/idle flows...: 2/2
|
|
~~ total timeout flows.......: 0
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
~~ total memory allocated....: 4594156 bytes
|
|
~~ total memory freed........: 4594156 bytes
|
|
~~ total allocations/frees...: 99555/99555
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
~~ json string min len.......: 192 chars
|
|
~~ json string max len.......: 1987 chars
|
|
~~ json string avg len.......: 1097 chars
|