@IvanNardi the links you sent are descriptions of the risks.
I'm looking for an explanation of each field in the JSON.
risk_score
confidence
proto_id
encrypted
breed
etc...
What are the possible values?
Is there a document that explains about those fields and what are the possible values?
Hi
I'm using the ftflow_pcap sample code and I can see that there is code that generates JSON:

```c
ndpi_flow2json(ndpi_struct, ndpi_flow,
               k->ip_version, k->protocol, k->vlan_id,
               ntohl(k->saddr.v4), ntohl(k->daddr.v4),
               (struct ndpi_in6_addr*)&k->saddr.v6,
               (struct ndpi_in6_addr*)&k->daddr.v6,
               k->sport, k->dport,
               ndpi_proto,
               &serializer);
```

I can see, for example, that it generates the following JSON.
Where can I see more information and documentation about what each field means?
Also, how is it detected and how accurate is it?
```json
{
  "src_ip": "10.164.130.230",
  "dest_ip": "10.164.255.255",
  "src_port": 35328,
  "dst_port": 35328,
  "ip": 4,
  "proto": "UDP",
  "ndpi": {
    "flow_risk": {
      "22": {
        "risk": "Unsafe Protocol",
        "severity": "Low",
        "risk_score": {
          "total": 450,
          "client": 345,
          "server": 105
        }
      }
    },
    "confidence": {
      "6": "DPI"
    },
    "proto": "NetBIOS.SMBv1",
    "proto_id": "10.16",
    "proto_by_ip": "Unknown",
    "proto_by_ip_id": 0,
    "encrypted": 0,
    "breed": "Dangerous",
    "category_id": 18,
    "category": "System",
    "hostname": "secrecy1"
  }
}
```
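For anyone consuming this output on the detection side, here is an added example (not part of the original post and not nDPI project code) that flattens a record shaped like the one above into fields a triage rule can match on. The function names, the `min_total` threshold and the reading of `proto_id` as dot-separated numeric ids are assumptions taken from the sample, not from nDPI documentation.

```python
import json

# Constructed input: the flow record quoted in the post, abridged to the fields used here.
SAMPLE = """{"src_ip": "10.164.130.230", "dest_ip": "10.164.255.255",
 "src_port": 35328, "dst_port": 35328, "proto": "UDP",
 "ndpi": {"flow_risk": {"22": {"risk": "Unsafe Protocol", "severity": "Low",
    "risk_score": {"total": 450, "client": 345, "server": 105}}},
  "confidence": {"6": "DPI"}, "proto": "NetBIOS.SMBv1", "proto_id": "10.16",
  "encrypted": 0, "breed": "Dangerous", "category": "System"}}"""


def summarize_flow(record):
    """Flatten one flow record; tolerate records with no "ndpi" or "flow_risk" block."""
    ndpi = record.get("ndpi", {})
    # Assumption from the sample: "10.16" lines up with the dotted name "NetBIOS.SMBv1".
    proto_ids = tuple(int(p) for p in str(ndpi.get("proto_id", "0")).split("."))
    risks = []
    for risk_id, info in ndpi.get("flow_risk", {}).items():
        score = info.get("risk_score", {})
        risks.append({
            "id": int(risk_id),  # the object key is the numeric risk id
            "name": info.get("risk"),
            "severity": info.get("severity"),
            "total": score.get("total", 0),
            "client": score.get("client", 0),
            "server": score.get("server", 0),
        })
    risks.sort(key=lambda r: r["total"], reverse=True)  # highest score first
    return {
        "flow": "%s:%s -> %s:%s" % (record.get("src_ip"), record.get("src_port"),
                                    record.get("dest_ip"), record.get("dst_port")),
        "l4": record.get("proto"),
        "app": ndpi.get("proto", "Unknown"),
        "proto_ids": proto_ids,
        "confidence": sorted(ndpi.get("confidence", {}).values()),
        "encrypted": bool(ndpi.get("encrypted", 0)),
        "breed": ndpi.get("breed"),
        "risks": risks,
    }


def needs_review(summary, min_total=100, breeds=("Dangerous",)):
    """Hypothetical triage rule: flag on breed or on any per-risk total score."""
    return summary["breed"] in breeds or any(r["total"] >= min_total for r in summary["risks"])


if __name__ == "__main__":
    print(json.dumps(summarize_flow(json.loads(SAMPLE)), indent=2))
```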