vrr/nDPId
2
0
Fork 0
mirror of https://github.com/utoni/nDPId.git synced 2026-05-06 03:45:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
nDPId/test/results/ndpi_match_string_subprotocol__error.pcapng.out
Toni Uhlig cb80c415d8
Improved py-flow-info to provide more optional information about received timestamps. 
* py-flow-dashboard: Added color mapping for PieCharts/Graph that make more sense
 * nDPId: Renamed `flow_type' to a more precisely `flow_state'
 * nDPId: Changed the default setting to process only as much packets as libnDPI does

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2022-02-05 15:27:13 +01:00

31 lines
12 KiB
Text
Raw Blame History

00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"}
01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}}
00968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="}
00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1258162014557,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1494,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258165452647,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258165452647,"pkt":"AAAMB6wcAFBWmXinCABFAAA0LcAAAIAGZjQKRIl2CgMJEx+bnrjjt2XlI9vFB4AS+vA0cwACAgQFtAEDAwABAQQC"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1258165452652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAAoGsxAADwGfTQKAwkTCkSJdp64H5sj28UH47dl5lAQwhBWHwAAAAAAAAAA"}
01077{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"ts_msec":1258165452669,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542}
01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1258165452676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":739,"pkt_l4_len":705,"ts_msec":1258165452676,"pkt":"AAAMB6wcAFBWmXinCABFAALVLctAAIAGI4gKRIl2CgMJEx+bnrjjt2XmI9vHEVAY+OaplwAASFdUUC8xLjEgNTAwIElucGVybmFsIFNlcnZlciBFcnJvcg0KRGF0ZTogU2F0LCAxNCBOb3YgMjAwOSAwMjoyNDo0OCBHTVQNClNlcnZlcjogU3VuIEdsYXNzRmlzaCBFbnRlcnByaXNlIFNlcnZlciB2Mi4xDQpYLVBvd2VyZWQtQnk6IFNlcnZsZXQvMi41DQpDb250ZW50LVR5cGU6IHRleHQveG1sO2NoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1MZW5ndGg6IDQ1Nw0KQ2+4bmVjdGlvbjogY2xvc2UNCg0KPD94bWwgdmVyc2l\/bj0iMS4wIiA\/PjxTOkVudmVsb3BlIHhtbG6pOlM9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXBvZW52ZWxvcGUvIj48UzpCb2R5PnJTOkZhdWx0IHhtbG5zOm5zND0iaHR0cDovL3d3dy53My5vcmcvMjAwMy8wNZdzeGFwLWVudmVsb3BlIj48ZmF1bHRjb2RlPlM6U2VydmVyPC9mYXVsdGNvZGU+PGZhdWx0c3RyaW5nPjwvZmF1bHRzdHJpbmc+PGRldGFpbD48bnMyOlJlbW90ZUFwY0V4Y2VwdGlvbiB4bWxuczpuczI9InVyaTovL2FsY2F0ZWwuY29tL2FwYy8yLjAiPjxtZXNzYWdlPlRoZSB0ZW1wbGF0ZSBpcyBub3QgY29uZmlndXJlZCBvbiB0aGlzIHBvcnQ8L21lc3NhZ2U+PGVycm9yQ29kZT5URU1QTElURV9OT1RfQ09ORklHVVJFRDwvZXJMb3JDb2RlPjwvbnMyOlJlbW90ZUFwY0V4Y2VwdGlvbj48L2RldGFpbD48L1M6RmHSbHQ+PC9TOkI3ZHk+PC9TOkVudmVsb3BlPg=="}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00604{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00187{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","total-events-serialized":16}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 14/13
~~ skipped flows.............: 0
~~ total layer4 data length..: 2179 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4598554 bytes
~~ total memory freed........: 4598554 bytes
~~ total allocations/frees...: 99574/99574
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 192 chars
~~ json string max len.......: 1987 chars
~~ json string avg len.......: 1100 chars
Reference in a new issue View git blame Copy permalink