diff --git a/wcx-抓包-用于模型复现/sufshark_t2.txt_headers.txt b/wcx-抓包-用于模型复现/sufshark_t2.txt_headers.txt deleted file mode 100644 index e491797..0000000 --- a/wcx-抓包-用于模型复现/sufshark_t2.txt_headers.txt +++ /dev/null @@ -1,128 +0,0 @@ -# Date: 1678503926.012904 sec (Sat 11 Mar 2023 11:05:26 CST) -# Tranalyzer 0.8.14 (Anteater), Tarantula. -# Core configuration: L2, IPv4, IPv6 -# SensorID: 666 -# PID: 32097 -# Command line: /Users/fangxiaoyu/tranalyzer2-0.8.14/tranalyzer2/build/tranalyzer -r /Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/sufshark_openvpn_tcp.pcap -w /Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/sufshark_t2.txt -# HW info: fangxiaoyudeMacBook-Pro.local;Darwin;22.3.0;Darwin Kernel Version 22.3.0: Mon Jan 30 20:38:37 PST 2023; root:xnu-8792.81.3~2/RELEASE_ARM64_T6000;arm64 -# -# Plugins loaded: -# 01: protoStats, version 0.8.14 -# 02: basicFlow, version 0.8.14 -# 03: macRecorder, version 0.8.14 -# 04: portClassifier, version 0.8.14 -# 05: basicStats, version 0.8.14 -# 06: tcpFlags, version 0.8.14 -# 07: tcpStates, version 0.8.14 -# 08: icmpDecode, version 0.8.14 -# 09: connStat, version 0.8.14 -# 10: txtSink, version 0.8.14 -# -# Col No. Type Name Description -1 C dir Flow direction -2 U64 flowInd Flow index -3 H64 flowStat Flow status and warnings -4 U64.U32 timeFirst Date time of first packet -5 U64.U32 timeLast Date time of last packet -6 U64.U32 duration Flow duration -7 U8 numHdrDesc Number of different headers descriptions -8 U16:R numHdrs Number of headers (depth) in hdrDesc -9 SC:R hdrDesc Headers description -10 MAC:R srcMac Mac source -11 MAC:R dstMac Mac destination -12 H16 ethType Ethernet type -13 U16:R ethVlanID VLAN IDs -14 IPX srcIP Source IP address -15 SC srcIPCC Source IP country -16 S srcIPOrg Source IP organisation -17 U16 srcPort Source port -18 IPX dstIP Destination IP address -19 SC dstIPCC Destination IP country -20 S dstIPOrg Destination IP organisation -21 U16 dstPort Destination port -22 U8 l4Proto Layer 4 protocol -23 H8 macStat macRecorder status -24 U32 macPairs Number of distinct source/destination MAC addresses pairs -25 MAC_MAC_U64:R srcMac_dstMac_numP Source/destination MAC address, number of packets of MAC address combination -26 SC_SC:R srcMacLbl_dstMacLbl Source/destination MAC label -27 U16 dstPortClassN Port based classification of the destination port number -28 SC dstPortClass Port based classification of the destination port name -29 U64 numPktsSnt Number of transmitted packets -30 U64 numPktsRcvd Number of received packets -31 U64 numBytesSnt Number of transmitted bytes -32 U64 numBytesRcvd Number of received bytes -33 U16 minPktSz Minimum layer 3 packet size -34 U16 maxPktSz Maximum layer 3 packet size -35 F avePktSize Average layer 3 packet size -36 F stdPktSize Standard deviation layer 3 packet size -37 F minIAT Minimum IAT -38 F maxIAT Maximum IAT -39 F aveIAT Average IAT -40 F stdIAT Standard deviation IAT -41 F pktps Sent packets per second -42 F bytps Sent bytes per second -43 F pktAsm Packet stream asymmetry -44 F bytAsm Byte stream asymmetry -45 H16 tcpFStat tcpFlags status -46 U16 ipMindIPID IP minimum delta IP ID -47 U16 ipMaxdIPID IP maximum delta IP ID -48 U8 ipMinTTL IP minimum TTL -49 U8 ipMaxTTL IP maximum TTL -50 U8 ipTTLChg IP TTL change count -51 H8 ipToS IP Type of Service hex -52 H16 ipFlags IP aggregated flags -53 U16 ipOptCnt IP options count -54 H8_H32 ipOptCpCl_Num IP aggregated options, copy-class and number -55 U16_U16 ip6OptCntHH_D IPv6 Hop-by-Hop destination option counts -56 H32_H32 ip6OptHH_D IPv6 aggregated Hop-by-Hop destination options -57 U32 tcpISeqN TCP initial sequence number -58 U16 tcpPSeqCnt TCP packet seq count -59 U64 tcpSeqSntBytes TCP sent seq diff bytes -60 U16 tcpSeqFaultCnt TCP sequence number fault count -61 U16 tcpPAckCnt TCP packet ACK count -62 U64 tcpFlwLssAckRcvdBytes TCP flawless ACK received bytes -63 U16 tcpAckFaultCnt TCP ACK number fault count -64 U32 tcpBFlgtMx TCP Bytes in Flight MAX -65 U32 tcpInitWinSz TCP initial effective window size -66 F tcpAveWinSz TCP average effective window size -67 U32 tcpMinWinSz TCP minimum effective window size -68 U32 tcpMaxWinSz TCP maximum effective window size -69 U16 tcpWinSzDwnCnt TCP effective window size change down count -70 U16 tcpWinSzUpCnt TCP effective window size change up count -71 U16 tcpWinSzChgDirCnt TCP effective window size direction change count -72 F tcpWinSzThRt TCP packet count ratio below window size WINMIN threshold -73 H16 tcpFlags TCP aggregated protocol flags (FINACK, SYNACK, RSTACK, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN) -74 H16 tcpAnomaly TCP aggregated header anomaly flags -75 U16 tcpOptPktCnt TCP options packet count -76 U16 tcpOptCnt TCP options count -77 H32 tcpOptions TCP aggregated options -78 U16 tcpMSS TCP maximum segment size -79 U16 tcpWS TCP window scale -80 H16 tcpMPTBF TCP MPTCP type bitfield -81 H8 tcpMPF TCP MPTCP flags -82 U8 tcpMPAID TCP MPTCP address ID -83 H8 tcpMPDSSF TCP MPTCP DSS flags -84 U32 tcpTmS TCP time stamp -85 U32 tcpTmER TCP time echo reply -86 F tcpEcI TCP estimated counter increment -87 D tcpUtm TCP estimated up time -88 U64.U32 tcpBtm TCP estimated boot time -89 F tcpSSASAATrip TCP trip time (A: SYN, SYN-ACK, B: SYN-ACK, ACK) -90 F tcpRTTAckTripMin TCP ACK trip min -91 F tcpRTTAckTripMax TCP ACK trip max -92 F tcpRTTAckTripAve TCP ACK trip average -93 F tcpRTTAckTripJitAve TCP ACK trip jitter average -94 F tcpRTTSseqAA TCP round trip time (A: SYN, SYN-ACK, ACK, B: ACK-ACK) -95 F tcpRTTAckJitAve TCP ACK round trip average jitter -96 H8 tcpStatesAFlags TCP state machine anomalies -97 H8 icmpStat ICMP Status -98 U8 icmpTCcnt ICMP type code count -99 H32_H32_H16 icmpBFTypH_TypL_Code ICMP Aggregated type H (>128), L (<32) & code bit field -100 H32 icmpTmGtw ICMP time/gateway -101 F icmpEchoSuccRatio ICMP Echo reply/request success ratio -102 U64 icmpPFindex ICMP parent flowIndex -103 U32 connSip Number of unique source IPs -104 U32 connDip Number of unique destination IPs -105 U32 connSipDip Number of connections between source and destination IP -106 U32 connSipDprt Number of connections between source IP and destination port -107 F connF The f number: connSipDprt / connSip [EXPERIMENTAL]