{{ card_header("network flows — tcpdump aggregator (by destination)") }}
{% if flows.rows %}
{# ----- aggregate summary: sum + counts ----- #}
{% set s = flows.summary %}
{{ s.destinations }}
destinations
{{ "{:,}".format(s.packets) }}
packets
{{ s.malicious }}
malicious
{{ s.suspicious }}
suspicious
{# ----- one row per destination IP (grouped / summed) ----- #}
| verdict |
destination |
interface |
proto |
ports |
flows |
packets |
why |
{% for f in flows.rows %}
|
{% if f.verdict %}
{{ f.verdict }}{% if f.confidence is not none %}
{{ "%.0f"|format(f.confidence * 100) }}%
{% endif %}
{% else %}
—
{% endif %}
|
{{ f.dst_ip }} |
{{ f.iface }} |
{{ f.proto }} |
{{ f.ports }} |
{{ f.flows }} |
{{ "{:,}".format(f.packets) }} |
{{ f.reasoning }} |
{% endfor %}
{% else %}
no network flows yet — the tcpdump aggregator needs root (run the
monitor with sudo) and a capture window to elapse.
{% endif %}