author | Toni Uhlig <matzeton@googlemail.com> | 2024-10-30 15:48:45 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-11-02 15:48:45 +0100 |
commit | 2b48eb051473e240735f61f41dce1c6614ca39fd (patch) | |
tree | e7314df940c8be78adca1edba92a9cde3c85a045 | |
parent | ddc96ba614e4f6d1cd4ea9526ae1ccc9d71b8f49 (diff) |
Added `vlan_id` dissection of the outermost (first) 802.1Q header. Fixes #50
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
115 files changed, 833 insertions, 767 deletions
diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py index c5193f9ee..5732bf980 100755 --- a/examples/py-flow-info/flow-info.py +++ b/examples/py-flow-info/flow-info.py @@ -528,9 +528,11 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data): '[' + Stats.prettifyBytes(json_dict['flow_dst_packets_processed'], False) + ']' if json_dict['l3_proto'] == 'ip4': - print('{}{}{}{}{}: [{:.>6}] [{}][{:.>5}] [{:.>15}]{} -> [{:.>15}]{}{}{}' \ + print('{}{}{}{}{}: [{:.>6}]{} [{}][{:.>5}] [{:.>15}]{} -> [{:.>15}]{}{}{}' \ ''.format(timestamp, first_seen, last_seen, instance_and_source, flow_event_name, - json_dict['flow_id'], json_dict['l3_proto'], json_dict['l4_proto'], + json_dict['flow_id'], + '[{:.>4}]'.format(json_dict['vlan_id']) if 'vlan_id' in json_dict else '', + json_dict['l3_proto'], json_dict['l4_proto'], json_dict['src_ip'].lower(), '[{:.>5}]'.format(json_dict['src_port']) if 'src_port' in json_dict else '', json_dict['dst_ip'].lower(), @@ -189,7 +189,7 @@ struct nDPId_flow_basic uint8_t tcp_fin_rst_seen : 1; uint8_t tcp_is_midstream_flow : 1; uint8_t reserved_00 : 6; - uint8_t reserved_01[2]; + uint16_t vlan_id; // ETHERTYPE_VLAN: 802.1Q VLAN uint16_t src_port; uint16_t dst_port; uint64_t last_pkt_time[FD_COUNT]; @@ -206,7 +206,6 @@ struct nDPId_flow_extended uint16_t min_l4_payload_len[FD_COUNT]; uint16_t max_l4_payload_len[FD_COUNT]; - ; unsigned long long int packets_processed[FD_COUNT]; uint64_t first_seen; @@ -1995,6 +1994,15 @@ static int ndpi_workflow_node_cmp(void const * const A, void const * const B) return 1; } + if (flow_basic_a->vlan_id < flow_basic_b->vlan_id) + { + return -1; + } + else if (flow_basic_a->vlan_id > flow_basic_b->vlan_id) + { + return 1; + } + /* flows have the same hash */ if (flow_basic_a->l4_protocol < flow_basic_b->l4_protocol) { 
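Review bot: The `vlan_id` comparison added to `ndpi_workflow_node_cmp` makes the outer VLAN tag part of the flow key, and nothing in the hunk states that or its consequence. Packets of one connection now land on the same tree node only when they carry the same tag, so at a capture point where the two directions are tagged differently, or where a tagged and an untagged copy are both seen, they would presumably be tracked as separate half-flows and detection would degrade. The `thread_index += flow_basic.vlan_id;` line in the later `ndpi_process_packet` hunk carries the same dependency for thread placement. I would add a comment above the comparison such as `/* vlan_id is part of the flow key: the same 5-tuple in different VLANs, or tagged vs. untagged (USHRT_MAX), are distinct flows */`. The function starts before this hunk and continues after it.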
@@ -2171,6 +2179,11 @@ static void jsonize_l3_l4(struct nDPId_workflow * const workflow, struct nDPId_f char src_name[48] = {}; char dst_name[48] = {}; + if (flow_basic->vlan_id != USHRT_MAX) + { + ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "vlan_id", flow_basic->vlan_id); + } + switch (flow_basic->l3_type) { case L3_IP: @@ -2891,6 +2904,10 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa if (event == PACKET_EVENT_PAYLOAD_FLOW) { + if (flow_ext->flow_basic.vlan_id != USHRT_MAX) + { + ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "vlan_id", flow_ext->flow_basic.vlan_id); + } ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_id", flow_ext->flow_id); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", @@ -3440,8 +3457,9 @@ static uint32_t calculate_ndpi_flow_struct_hash(struct ndpi_flow_struct const * static int process_datalink_layer(struct nDPId_reader_thread * const reader_thread, struct pcap_pkthdr const * const header, uint8_t const * const packet, - uint16_t * ip_offset, - uint16_t * layer3_type) + uint16_t * const ip_offset, + uint16_t * const layer3_type, + uint16_t * const vlan_id) { const uint16_t eth_offset = 0; int datalink_type; @@ -3734,6 +3752,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre } return 1; } + *vlan_id = ntohs(*(uint16_t *)&packet[*ip_offset]) & 0xFFF; *layer3_type = ntohs(*(uint16_t *)&packet[*ip_offset + 2]); *ip_offset += 4; } @@ -3916,7 +3935,7 @@ static void ndpi_process_packet(uint8_t * const args, { struct nDPId_reader_thread * const reader_thread = (struct nDPId_reader_thread *)args; struct nDPId_workflow * workflow; - struct nDPId_flow_basic flow_basic = {}; + struct nDPId_flow_basic flow_basic = {.vlan_id = USHRT_MAX}; enum nDPId_flow_direction direction; size_t hashed_index; 
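Review bot: `USHRT_MAX` serves here as the "no 802.1Q tag" marker for a `uint16_t` field without a name or comment, and the same literal is repeated in the `jsonize_packet_event` hunk and in the `flow_basic` initialiser in `ndpi_process_packet`. A named constant tied to the field's type and used at all three sites would keep them in step, for example `#define NDPID_VLAN_ID_NONE UINT16_MAX` (name is only a suggestion). The struct field comment could then read `// outermost 802.1Q VLAN id (0..4095), NDPID_VLAN_ID_NONE if untagged`. The value is collision-free only because the dissector masks the id with `0xFFF`, which is worth stating next to the definition. `USHRT_MAX` also needs `<limits.h>`, and no include change is visible in this diff.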
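Review bot: The added `*vlan_id = ntohs(*(uint16_t *)&packet[*ip_offset]) & 0xFFF;` in `process_datalink_layer` reads the tag through a cast that drops the `const` of `packet` and assumes the capture buffer is 2-byte aligned at that offset, which is undefined behaviour on strict-alignment targets. The neighbouring `layer3_type` line uses the same pattern. Copying the bytes is the portable form: `uint16_t tci; memcpy(&tci, &packet[*ip_offset], sizeof(tci)); *vlan_id = ntohs(tci) & 0xFFF;`. The length check that has to cover `*ip_offset + 4` bytes of captured data lies outside the hunk, so please confirm it precedes this read. If this block can run again for a stacked tag, the assignment would keep the last id rather than the outermost one named in the commit message.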
@@ -3966,7 +3985,7 @@ static void ndpi_process_packet(uint8_t * const args, do_periodically_work(reader_thread); - if (process_datalink_layer(reader_thread, header, packet, &ip_offset, &type) != 0) + if (process_datalink_layer(reader_thread, header, packet, &ip_offset, &type, &flow_basic.vlan_id) != 0) { return; } @@ -4181,6 +4200,7 @@ static void ndpi_process_packet(uint8_t * const args, /* distribute flows to threads while keeping stability (same flow goes always to same thread) */ thread_index += (flow_basic.src_port < flow_basic.dst_port ? flow_basic.dst_port : flow_basic.src_port); + thread_index += flow_basic.vlan_id; thread_index %= GET_CMDARG_ULL(nDPId_options.reader_thread_count); if (thread_index != reader_thread->array_index) { diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json index e9af54b3b..95dc095e7 100644 --- a/schema/flow_event_schema.json +++ b/schema/flow_event_schema.json @@ -77,6 +77,11 @@ "type": "number", "minimum": 0 }, + "vlan_id": { + "type": "number", + "minimum": 0, + "maximum": 4095 + }, "flow_event_id": { "type": "number", "minimum": 0, diff --git a/schema/packet_event_schema.json b/schema/packet_event_schema.json index 8f90d454d..d087bace1 100644 --- a/schema/packet_event_schema.json +++ b/schema/packet_event_schema.json @@ -27,7 +27,7 @@ "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] }, "else": { - "not": { "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] } + "not": { "required": [ "thread_id", "vlan_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] } }, "properties": { @@ -60,6 +60,11 @@ "packet-flow" ] }, + "vlan_id": { + "type": "number", + "minimum": 0, + "maximum": 4095 + }, "flow_id": { "type": "number", "minimum": 1 
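Review bot: Adding `"vlan_id"` to the key list under `"else": { "not": { "required": [ ... ] } }` in `schema/packet_event_schema.json` weakens that branch, because `not`/`required` only rejects an object when every listed key is present. The serializer emits `vlan_id` only for tagged frames (it is skipped for `USHRT_MAX`), so for untagged traffic a non-flow packet event carrying all six flow keys would now validate. Keeping the original six-key list and forbidding the new key on its own, e.g. wrapping both in `"allOf"` with a second `{ "not": { "required": [ "vlan_id" ] } }`, would preserve the old check. Both schemas also type `vlan_id` as `"number"`, which admits non-integer values; `"integer"` would be tighter, though the surrounding fields follow the same convention.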
diff --git a/test/results/default/ajp.pcap.out b/test/results/default/ajp.pcap.out index 5e5036dcc..2dab28daf 100644 --- a/test/results/default/ajp.pcap.out +++ b/test/results/default/ajp.pcap.out 
@@ -1,16 +1,16 @@ 00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00783{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} 
-00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload 
detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584447556,"packet_id":3,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584447556} 00412{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584447547,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1505154584447616,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584447616,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1505154584447617,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAObLKQABABhyVrB0JkqwdCZOXyB9JcsXbMJOgLrmAGABzYJIAAAEBCApOnGnoHlfv2BI0AAEK"} 
-00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447617,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1505154584447616,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584447616,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="} 
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1505154584447617,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAObLKQABABhyVrB0JkqwdCZOXyB9JcsXbMJOgLrmAGABzYJIAAAEBCApOnGnoHlfv2BI0AAEK"} +00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447617,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584447662,"packet_id":6,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584447662} 
00412{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584447617,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584447809,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFgQABABg4ErB0Jk6wdCZIfSZfIk6AuuXLF2zWAEAByfM8AAAEBCAoeV+\/ZTpxp6A=="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1505154584447617,"flow_dst_last_pkt_time":1505154584447809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584447809,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFgQABABg4ErB0Jk6wdCZIfSZfIk6AuuXLF2zWAEAByfM8AAAEBCAoeV+\/ZTpxp6A=="} 00308{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584447980,"packet_id":8,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584447980} 
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584447809,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="} 00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584448477,"packet_id":10,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_usec":1505154584448477} 
@@ -19,17 +19,17 @@ 01508{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_usec":1505154584448303,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584448825,"packet_id":16,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584448825} 
00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584448662,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} -00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"} 
-00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584618218,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584618218,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"} 00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":22,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584618218} 00413{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="} 
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAObLKQABABhyVrB0JkqwdCZOXyB9KcsXbMJOgLrmAGABzYJEAAAEBCApOnGnoHlfv2BI0AAEK"} -00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1505154584618218,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAObLKQABABhyVrB0JkqwdCZOXyB9KcsXbMJOgLrmAGABzYJEAAAEBCApOnGnoHlfv2BI0AAEK"} +00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":25,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":1505154584618218} 00413{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} -00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584618218,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFgQABABg4ErB0Jk6wdCZIfSpfIk6AuuXLF2zWAEAByfM4AAAEBCAoeV+\/ZTpxp6A=="} 
+00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1505154584618218,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAANMFgQABABg4ErB0Jk6wdCZIfSpfIk6AuuXLF2zWAEAByfM4AAAEBCAoeV+\/ZTpxp6A=="} 00309{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":27,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584618218} 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="} 00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":29,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_usec":1505154584618218} 
@@ -38,8 +38,8 @@ 01508{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\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\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 00310{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505154584618218,"packet_id":35,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1505154584618218} 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00792{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":38,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 diff --git a/test/results/default/bfd.pcap.out b/test/results/default/bfd.pcap.out index cb50048d2..dd49beb4a 100644 --- a/test/results/default/bfd.pcap.out +++ b/test/results/default/bfd.pcap.out 
@@ -1,28 +1,28 @@ 00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00783{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1407756994998897} 
-00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994998897,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAABAAD\/EWrxmwENAZsBDQPAAA7IACCXvyBAAxgAAAABAAAAAAAPQkAAD0JAAAehIA=="} 
-00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994999372,"flow_src_last_pkt_time":1407756994999372,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994999372,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994999372,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994999372,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAANAABAAD\/EWrxmwENA5sBDQHAAA7IACCXfiCAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} -00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994999372,"flow_src_last_pkt_time":1407756994999372,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994999372,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994999521,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAACAAD\/EWrwmwENAZsBDQPAAA7IACCXPiDAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1407756995000015,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756995000015,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAANAACAAD\/EWrwmwENA5sBDQHAAA7IACCXPiDAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1407756995071616,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756995071616,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAANAADAAD\/EWrvmwENA5sBDQHAAA7IACCXPiDAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} 
-00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995403541,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995403541,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1407756995403541,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995403541,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAAKAADAAD\/EWr9mwENAZsBDQHAAA7JABTg9gAAAAAAAAABAAAAAA=="} 
-00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995403541,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995403541,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1407756995404096,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995404096,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAAKAADAAD+EWv9mwENAZsBDQHAAA7JABTg9gAAAAAAAAABAAAAAA=="} 
-00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493239,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995493239,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1407756995493239,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995493239,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAAKAAEAAD\/EWr4mwENA5sBDQPAAA7JABTg8gAAAAAAAAABAAAAAA=="} 
-00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493239,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995493239,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995493316,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAAKAAEAAD+EWv4mwENA5sBDQPAAA7JABTg8gAAAAAAAAABAAAAAA=="} -00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1407756995861911,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995861911,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAAKAAEAAD\/EWr8mwENAZsBDQHAAA7JABTg9QAAAAAAAAABAAAAAQ=="} 
-00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995862322,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAAKAAEAAD+EWv8mwENAZsBDQHAAA7JABTg9QAAAAAAAAABAAAAAQ=="} -00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1407756994999372,"flow_src_last_pkt_time":1407756995071616,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994998897,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAABAAD\/EWrxmwENAZsBDQPAAA7IACCXvyBAAxgAAAABAAAAAAAPQkAAD0JAAAehIA=="} +00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994999372,"flow_src_last_pkt_time":1407756994999372,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994999372,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994999372,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994999372,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAANAABAAD\/EWrxmwENA5sBDQHAAA7IACCXfiCAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} 
+00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994999372,"flow_src_last_pkt_time":1407756994999372,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994999372,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994999521,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAACAAD\/EWrwmwENAZsBDQPAAA7IACCXPiDAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} 
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1407756995000015,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756995000015,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAANAACAAD\/EWrwmwENA5sBDQHAAA7IACCXPiDAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1407756995071616,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756995071616,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAANAADAAD\/EWrvmwENA5sBDQHAAA7IACCXPiDAAxgAAAABAAAAAQAPQkAAD0JAAAehIA=="} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995403541,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995403541,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1407756995403541,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995403541,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAAKAADAAD\/EWr9mwENAZsBDQHAAA7JABTg9gAAAAAAAAABAAAAAA=="} +00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995403541,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995403541,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1407756995404096,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995404096,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAAKAADAAD+EWv9mwENAZsBDQHAAA7JABTg9gAAAAAAAAABAAAAAA=="} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493239,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995493239,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1407756995493239,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995493239,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAAKAAEAAD\/EWr4mwENA5sBDQPAAA7JABTg8gAAAAAAAAABAAAAAA=="} 
+00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493239,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995493239,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995493316,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAAKAAEAAD+EWv4mwENA5sBDQPAAA7JABTg8gAAAAAAAAABAAAAAA=="} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1407756995861911,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995861911,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAAKAAEAAD\/EWr8mwENAZsBDQHAAA7JABTg9QAAAAAAAAABAAAAAQ=="} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1407756995862322,"pkt":"qrvMAAEQqrvMAAMQgQAADQgARcAAKAAEAAD+EWv8mwENAZsBDQHAAA7JABTg9QAAAAAAAAABAAAAAQ=="} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1407756994999372,"flow_src_last_pkt_time":1407756995071616,"flow_dst_last_pkt_time":1407756994999372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1407756995862322} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 11/11 @@ -36,6 +36,6 @@ ~~ total memory freed........: 6648862 bytes ~~ total allocations/frees...: 114064/114064 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 532 chars -~~ json message max len.......: 961 chars -~~ json message avg len.......: 745 chars +~~ json message min len.......: 545 chars +~~ json message max len.......: 974 chars +~~ json message avg len.......: 758 chars diff --git a/test/results/default/bot.pcap.out b/test/results/default/bot.pcap.out index 02525bc49..520023311 100644 --- a/test/results/default/bot.pcap.out +++ b/test/results/default/bot.pcap.out 
@@ -1,14 +1,14 @@ 00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00783{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
-00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1645108240339696,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240339696,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="} -00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":374,"pkt_l4_len":336,"thread_ts_usec":1645108240339700,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQABZBFUQABuBojTKE2nJFkfSNz9AABQtwbJ7Vj1k5hQGPrwg+EAAEdFVCAvcXVhcnRpZXJpL2ltZy9TLkRvbmF0b19NLlZpdHRvcmlhMTkzMF9CLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkZyb206IGJpbmdib3QoYXQpbWljcm9zb2Z0LmNvbQ0KSG9zdDogYXRsYW50ZWRpdG9yaW5vLml0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgYmluZ2JvdC8yLjA7ICtodHRwOi8vd3d3LmJpbmcuY29tL2Jpbmdib3QuaHRtKQ0KDQo="} 
-01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240339700,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it","http": {"url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)","detected_os":"bingbot\/2.0"}}} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 
-02282{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": 
{"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} -01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} 
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1645108240339696,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240339696,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="} +00964{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":374,"pkt_l4_len":336,"thread_ts_usec":1645108240339700,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQABZBFUQABuBojTKE2nJFkfSNz9AABQtwbJ7Vj1k5hQGPrwg+EAAEdFVCAvcXVhcnRpZXJpL2ltZy9TLkRvbmF0b19NLlZpdHRvcmlhMTkzMF9CLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkZyb206IGJpbmdib3QoYXQpbWljcm9zb2Z0LmNvbQ0KSG9zdDogYXRsYW50ZWRpdG9yaW5vLml0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgYmluZ2JvdC8yLjA7ICtodHRwOi8vd3d3LmJpbmcuY29tL2Jpbmdib3QuaHRtKQ0KDQo="} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240339700,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it","http": {"url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)","detected_os":"bingbot\/2.0"}}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 
+02295{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": 
{"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} +01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} 
00797{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 @@ -22,6 +22,6 @@ ~~ total memory freed........: 6653554 bytes ~~ total allocations/frees...: 114428/114428 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 541 chars -~~ json message max len.......: 2287 chars -~~ json message avg len.......: 1345 chars +~~ json message min len.......: 554 chars +~~ json message max len.......: 2300 chars +~~ json message avg len.......: 1358 chars diff --git a/test/results/default/cpha.pcap.out b/test/results/default/cpha.pcap.out index af142be81..01dde0fff 100644 --- a/test/results/default/cpha.pcap.out +++ b/test/results/default/cpha.pcap.out 
@@ -1,9 +1,9 @@ 00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00784{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} 
-00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_usec":1603354463286532,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 
-00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","vlan_id":21,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_usec":1603354463286532,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} +00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00787{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -18,5 +18,5 @@ ~~ total allocations/frees...: 114020/114020 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 565 chars -~~ json message max len.......: 950 chars -~~ json message avg len.......: 738 chars +~~ json message max len.......: 963 chars +~~ json message avg len.......: 744 chars diff --git a/test/results/default/false_positives.pcapng.out b/test/results/default/false_positives.pcapng.out index de10cfae7..b28119387 100644 --- a/test/results/default/false_positives.pcapng.out +++ b/test/results/default/false_positives.pcapng.out 
@@ -32,13 +32,13 @@ 00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1715158193086997,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgACEAAfBFghwrAXFEKiCtFy2ZSOAC0GieACA9pQ21wXDQSeFZVVVVVVVXVVVVV1dXVVVXVVVRVVVRUVNXVVdVVVdXV1dVV1dXVVdXV1VVV1dVV1dXVVdVVVVVV1dXVVdXV1dXV1dXVVVXV1VVV1dXV1VVV1dVV1VVV1dXV1VVV1dXV1VVVVVXV1dXVVVXV1VVV1VVV1VVVVdXV1VXV1dXV1VXV1VVV1dVV1dXVVVVVVFTV1dVVVVVV1VVVVVXVVdXV1dRV"} 00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193246341,"packet_id":16,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193246341} 00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1715158193086997,"pkt":"AAAAAAAAAAECAAD6gQCvpoEAoBQIAEW4AMiG4kAAQBEVrQqIK0UKwFxRUjjLZgC06BmACLddco7RfkKf05DV1dXV1dXV1VVV1dXV1dXV1dXV1dXV1dXV1dXV1dXVVVVVVVXV1dXVVVVVVVVVVVXV1dXV1dXV1dXV1dXV1dXV1dXV1dVV1dXV1dXV1dXV1dXV1dXV1dXV1dXVVVVV1dXV1dXV1dXV1dVV1dXV1dXV1dXV1dXV1dXVVdVVVVVV1VVVVdXVVVXV1dXV1dXV1dXV1VXV1dXV1dXV1dXV1dXV"} 
-00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216944076,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216944076,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAABQAB+EZfeCn5GQwrsB+Fc6MPwALQAAIAIDN0byMsuNBJ4VtVVVVVV1dVV1dVVVVVVVVVVVVXV1dXV1VVV1dXVVVVVVVXV1dXV1VVVVVXVVdXV1dXVVVXVVdXV1dXV1dVVVdXV1VXVVVVVVVVV1VVVVdXV1dVV1VVV1VVV1dVVVdXV1VXV1dVV1dXVVVVV1VVV1dXV1dVVVVXV1VXV1dVV1dXVVdVVVVVVVVVVVVXV1dXV1VVVVVVVVdXVVdXVVdXVVVU="} 
-00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1715158216963978,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216963978,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAACQAB+EZfdCn5GQwrsB+Fc6MPwALQAAIAIDN4byMvONBJ4VlXV1dVVVdXVVdXV1VXV1VVVVdXV1dVVVdXV1VXV1dXV1VVVVVVVVVXVVVVVVdXV1dXV1dXV1dVVVVVV1VVV1dXVVVVV1VVV1VXV1dVV1dVVVdVVVVXVVdVVVdXV1dXV1VVV1VVV1VVVVdXV1dXV1VVVVVXVVdXV1dXVVVXV1VVVVVVV1dXV1dXV1dXVVdVVVVVVVVXV1dXV1dVVVdXVVVU="} -00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216983863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAADQAB+EZfcCn5GQwrsB+Fc6MPwALQAAIAIDN8byMxuNBJ4VlXVVVVV1dVV1VXV1dVVVVVVVVXVVVXV1dXV1VXVVVVVVVXVVdVVVdVVVVXV1VVV1VXV1VVV1dXV1dXVVVVVVVXVVVXVVVVV1dVVVVVV1dXV1VVVVVVV1dXVVVXVVVVV1VVV1dXV1dXV1dVV1VVVVVVVVdXVVdXV1dXV1dVV1dXVVdXV1dXVVVVVVdXVVVVV1VVVVVVVVdXV1dXVVVXV1dU="} 
-00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1715158217003863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217003863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAEQAB+EZfbCn5GQwrsB+Fc6MPwALQAAIAIDOAbyM0ONBJ4VlVV1dXVVVXVVVVV1dXV1dXV1dVVVVVVVVVV1dVVVdXV1dXVVdXV1dXVVVVVVdXVVdXV1VVVVVXV1VXV1dVV1dXV1dXVVVVVVVXV1dXV1VXV1dXV1VVVVdXV1VVVVVVVVVXVVdVV1dXVVVXV1dVVVVVV1VVVVdVVVVVV1dVV1dXV1dXV1VVV1dVVVdXVVVVVVdXVVdVV1dXV1dXVVVVVVdU="} 
-00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1715158217023923,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217023923,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAFQAB+EZfaCn5GQwrsB+Fc6MPwALQAAIAIDOEbyM2uNBJ4VtXVVVXV1dXVVdVVVVVV1VVVVVXVVdXV1dXV1dVVVVVVVVXVVVXVVVVVVVXVVdXVVVXV1dXV1VVV1VXV1VVVVVVVVdXV1dXVVVXV1VXV1VVV1dVVVVXVVVXV1dXV1dVVVVVV1dVV1dVV1VVVVdXV1dXV1dXV1VVV1VVV1dVV1VVVVVXVVdXV1dXV1dXVVVVVVVXV1dVVVVXV1dVVVdVV1dU="} +00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216944076,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216944076,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAABQAB+EZfeCn5GQwrsB+Fc6MPwALQAAIAIDN0byMsuNBJ4VtVVVVVV1dVV1dVVVVVVVVVVVVXV1dXV1VVV1dXVVVVVVVXV1dXV1VVVVVXVVdXV1dXVVVXVVdXV1dXV1dVVVdXV1VXVVVVVVVVV1VVVVdXV1dVV1VVV1VVV1dVVVdXV1VXV1dVV1dXVVVVV1VVV1dXV1dVVVVXV1VXV1dVV1dXVVdVVVVVVVVVVVVXV1dXV1VVVVVVVVdXVVdXVVdXVVVU="} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1715158216963978,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216963978,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAACQAB+EZfdCn5GQwrsB+Fc6MPwALQAAIAIDN4byMvONBJ4VlXV1dVVVdXVVdXV1VXV1VVVVdXV1dVVVdXV1VXV1dXV1VVVVVVVVVXVVVVVVdXV1dXV1dXV1dVVVVVV1VVV1dXVVVVV1VVV1VXV1dVV1dVVVdVVVVXVVdVVVdXV1dXV1VVV1VVV1VVVVdXV1dXV1VVVVVXVVdXV1dXVVVXV1VVVVVVV1dXV1dXV1dXVVdVVVVVVVVXV1dXV1dVVVdXVVVU="} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216983863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAADQAB+EZfcCn5GQwrsB+Fc6MPwALQAAIAIDN8byMxuNBJ4VlXVVVVV1dVV1VXV1dVVVVVVVVXVVVXV1dXV1VXVVVVVVVXVVdVVVdVVVVXV1VVV1VXV1VVV1dXV1dXVVVVVVVXVVVXVVVVV1dVVVVVV1dXV1VVVVVVV1dXVVVXVVVVV1VVV1dXV1dXV1dVV1VVVVVVVVdXVVdXV1dXV1dVV1dXVVdXV1dXVVVVVVdXVVVVV1VVVVVVVVdXV1dXVVVXV1dU="} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1715158217003863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217003863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAEQAB+EZfbCn5GQwrsB+Fc6MPwALQAAIAIDOAbyM0ONBJ4VlVV1dXVVVXVVVVV1dXV1dXV1dVVVVVVVVVV1dVVVdXV1dXVVdXV1dXVVVVVVdXVVdXV1VVVVVXV1VXV1dVV1dXV1dXVVVVVVVXV1dXV1VXV1dXV1VVVVdXV1VVVVVVVVVXVVdVV1dXVVVXV1dVVVVVV1VVVVdVVVVVV1dVV1dXV1dXV1VVV1dVVVdXVVVVVVdXVVdVV1dXV1dXVVVVVVdU="} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1715158217023923,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217023923,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAFQAB+EZfaCn5GQwrsB+Fc6MPwALQAAIAIDOEbyM2uNBJ4VtXVVVXV1dXVVdVVVVVV1VVVVVXVVdXV1dXV1dVVVVVVVVXVVVXVVVVVVVXVVdXVVVXV1dXV1VVV1VXV1VVVVVVVVdXV1dXVVVXV1VXV1VVV1dVVVVXVVVXV1dXV1dVVVVVV1dVV1dVV1VVVVdXV1dXV1dXV1VVV1VVV1dVV1VVVVVXVVdXV1dXV1dXVVVVVVVXV1dVVVVXV1dVVVdVV1dU="} 
00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":91,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1715244365850069} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365850069,"packet_id":91,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365850069} 00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvZnwAAOxGNmwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKyKAdgMAFxyoAEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="} 
@@ -79,7 +79,7 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103171662,"pkt":"CL6sCxduJjb1W8R1CABFLgA+GPZAAEARbmXAqAycOYCsYZMRJv0AKnLdIQARFdhiP0T1f\/Fgd1gOLZUqyBFtfSnaAZ6RACupnbgY0Q=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722795103171662,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1722795103195033,"pkt":"Jjb1W8R1CL6sCxduCABFAgA+zl1AAC0RzCk5gKxhwKgMnCb9kxEAKhcefIARV9hiP0T1f\/Fgd1gOKpUqyBFtfSnaAZ6RACupnbgY0Q=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103195033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1722795103670366,"pkt":"CL6sCxduJjb1W8R1CABFLgBEGRVAAEARbkDAqAycOYCsYZMRJv0AMPyVD4AUTLPML0b7cBNBNNvKcqA4d1QFMSncQBKGQnoA2FojtdNgQfDokw=="} 
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00997{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":116,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1722795103693084} @@ -97,4 +97,4 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 1002 chars -~~ json message avg len.......: 653 chars +~~ json message avg len.......: 654 chars diff --git a/test/results/default/gquic_only_from_server.pcap.out b/test/results/default/gquic_only_from_server.pcap.out index 1489d0832..776433e52 100644 --- a/test/results/default/gquic_only_from_server.pcap.out +++ b/test/results/default/gquic_only_from_server.pcap.out 
@@ -1,13 +1,13 @@ 00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00802{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251989197119} 
-00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989197119,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4qFAglQtqrsDUxewFr5JIXeWAY6RF86CpAAQOlAQAGAKABAltSRUoABwAAAFNUSwA4AAAAU05PAGwAAABQUk9GbAEAAFNDRkfzAQAAUlJFSvcBAABTVFRM\/wEAAENSVP8bAgAAT7lEuqmgqtYH+ijEiKaPQIy+ZChskOUCQEOXCVQHODgEUDi4gK+Y2fknYCMPTuXF5o7P1p2Q09HWj67E\/GVB22m2zd3BwWxvWGnHbEMibFDsKh7Y\/Frv41cGn7hjXqEcbAsNpcVd7dzeyErmKzuNIO0vP5FIw0+Q18PdyZGT3x5dWqDzeh010yoNKDztLTRTGgLmFqmPSHrDGNj0ZjRIJ5YLMvzSsofddd\/pmSWWU\/br7MLE0U3uy5GheQ5rsuvfCxr\/3wS5OodpK\/U6uXoiWDCp\/9jJhgLW1RH8KH+AsqOcR83lhenQiRYYWJ7UcXeHR72CiYaDsMjStdV6yUsD2KUn3OuVTfPYSZOd0CfePbKnOIouDsGc7zpamsdSnCTdELRk5aZqs2Bks\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"} 
-00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} -02371{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1644251989256533,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989256533,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU6+yQSehEg1oJX8Xc578X+zisrdl0VGTR15CAyIfNoJiCRqgwLlCyQZNBRw3sqgG\/t2XlrnbMXEsLYRDs986HjYzbq1tBRk4QALuyaE\/JFaY8f42k5\/XwgeimsLvLYZQjx0WV6\/QgJiiDiSmNzj+AntMNmC7QbFKN+35+tSzSnuZLfXUesF863fCWqmeXkV5v9ybejHZr6I+BzlzBy28gGgJaI0sQgT4esYNxPBDhU3dGONrGuOs8VhWhZAVvb8ViFcY7BJ\/5Hh0IpyzgL+ybH9q\/HZhBdqYFhMU3n4ME2gGoXxMWzU7Jc4GAkidgt41zw6sJ0JyvWBQa4uzq6yGi04Mkd6bmZU0+cLOVRaVoHfgd7e2irX24eZaXKVeenbNTSooiM8gitgJwd+zB75DowSrs2pkZneecc98ThEJfrWMQgJdGUmGmLuJfW++t6NjC0tJJ48I2Wv3SpsOrxaurv\/5
vq6qiRh\/MZtyZqfBxg4Nithu9A2GolL4l\/ytK6PVwz1oaCkV8TPIbKXu5g\/nycQ6BYjPW6MosucuO2f1WKlMbYAKtgyTTrp5S3KPMjDSvBUb8s5GK6Tbt1vfuyUQXuYvvJpCazoETc9xchcCxhddLO+rkQDz3W+p7aYCYJZ8Ymh3VSR\/lYQZJxl1OpkiDfHvwcXzpTsouLCxXXkJ+i9Gb8u\/2KopQa+D0yfCkjcy85zcItYtrhYNUpLS0lAu\/ZoCSNK\/1qdlpiW\/oJTwi7KVWGJoxGU3SDa\/ga1KOeqc7xa6vDWnLouJe1WNluq8MAWr+19S\/hAimXEhmoxm+KDXNPBW7uoDgy6l\/rv4wBWQFWG7+bhRsKob5YVTlpvHrml7vxTMimJotcGQ6+nkYujEEYxP\/Mq+C7szNRa\/khtrGNO6eKpaYcMNQmvy3DriyJp6C+rI9921I4TfXrcJWurfNQtJ6NQ4lxarqK1RV8vSeEMjL2x+07SPj00F3sJxaHxaE6\/arwqc0RlN2ckGBh8ybsGda8SXEtx1BoYArTYlgQC3tT\/Zcs0ti6xqqfoHLQXGCedsC2SG0+8Q8h8eG\/OFE0Iir\/POJGWyPVWwKzQ3XOrwwZTBliENO+cEAcj0IqWwLdI3Ud3wB+O8qeVh6p2ohyJnhlCStZCbaswc4A8OXKDZHXYgJOEVdsr6pSu3XziXECpgdRR\/0JWVSXfPN6oCaoe4x7msqqsDuo9kbSEiGW80i4Rhd6o0f0FI3Xkyceclq3SL1bx0WFMpnSFeqq9Bly2JyHOVxG\/t6Ym0tOxfEGHKrMlIs7GWK2kkLD3Ub0C4fBEP2+AzEDUQji0deq8WFGrTe7TYrvQzWuxz1R1rv60HjMR30Ck2SEpwsSxQZe4tSwY7JtEbFJeUnuVPjM8FsTug2w3E+3y9m7i2ISvAlkqUfTJoNTThU+XhLid7lhyRHias9DDbwTm4kj\/2b1U0MdB8KhWnI4DQS0cmkgBk1AzLpRSCF7aIqX+h9eNGk5edpERkw4q\/D20MhElqetcI5THvysHJjwYILrjo9C8eU7BvpZECzM8WQKXpaObMVbvRev+eZB99qgVdObjdqjK2oQnXhPFsDWAI7isbjPvi770k91VyWXxBRx1reYH3trz8SQUm6uFBy4\/5JzjqV0twdbWlB\/aOKoQrymVe4nzfB5f\/9oF2uJY6r4yJ3\/zQotDIzfdMw5ExuBcfa76EP7Z+z\/Meb52KL8Wz1EYr1SuaeObzcImMQfqSMzmdEhOQYBKfnDtGvSnfUz+nr+3H\/b5MWub+9gfnfpo1vp8iRLqho\/NTQI0eMK+pA=="} -00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1644251989257159,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1644251989257159,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAMwAAQABxEafR1coHGgq9ekcBu+xsAB+0nAADWIPGM1CS0PfqCmJN2oZO12U7OMyn"} 
-02362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4fIQAFXUInh+Nj46SUAklw7faHf2lL9QCzuRO2td6KNKev\/JAr5eYL9lbo6W7jpopveWBQmWLK\/fr+P6D32bulPZ1TfPYQWzoAa9AwZxwvKH7I0RRXjumRndqUFv2dzEysBdzscsuwCtuQig8EBcrgyhirTLG5oXc4aw8zCyni5+Ov3z15t5jbII4zM9bYLybkdJyMYG4X3cMqIlfoPiOYEKKb3u7c3FpUt+feGrTXJ+OGCzmC9UwL6My0kVjrRblnPCYv18Vc27CawuoN6Hc7yzsZ5JDxa+vP6Mjhwi0kfo+Mhh57CRwmahnAvlT4gBXgrcZbKRC+SZbL7i\/YuEY+IpYnfadX27oIHnX1fWz\/V420PqUI7e95pehRMQZ6t6EHIhSwQQQsZAt3KoIErSCjrSeWoo2BmqsG3YQEYg1M0X55ZRl2L38k2ISSv34XlgzWOf3f+MddKHNUwyNXGc8KZppw8FF9qo9UTRB46k0OJypFH+fW92hUuO5vZdaM4zsIT66YcJBKGqNkD\/VBer\/jx5GJVGfplZHgYjiDI38PF8Bo4z89DoeXKcVEGPnQk6TZcCO0YZbjPEsApoYfIeVKzouW\/o3A9PYEjSEXi5EPMlZQs4pi5l+jJz31+mq0VAI5j2CT4vJoFQT8ilbKMSgYlqpHl7+qbW85929Fr436\/KEx1MrKk75ShODFrcxTxXvgg8NKYT6SPGNBWa7fHkd12VRwAmTSQFAGc2ZfMVD4sPtrL0PSqapPxeO\/S3HlmtTYXHaEZIETuHHfZS3qfkPtV6MK+OGOHZlzjaYR9qi4NxDwM+nSx3MusIV0GrwCounlN1Qf1XbGFqK27rbvFzhA6dgYSVf5Qmb9HT58ff3INYOVFOLwRdnBI0YDTKk+O6czdlW3XVUQ5s2GorzADWyzZTY7PbgEJIn7poFIn9uUVTp5UAJMqDLpblGRBUOCJVenp+CgORIPzH10Ws3e09dvA\/f\/bvHxBWpQalg425S5DVD6cL0yGLZPTUIi3Kcu+cJjnO1G5NQLzpSx7IWXxnSk86S71vtGsqOU86H4f\/ksGHQV9A8p6t\/poWk\/tBKOdID\/dEjW4bXAJT0H+2Q2schG601Imnywksf\/f8THazPOEcCN2dDDQuzs3BWJIFBXhX1cwBVWK2PrQ\/E\/TKr+5z9adr8icv2Hu0UuOj3nz7WVuDBmrb2spouZtb5jOxb\/vYtE3DwxmOOFHKlG7eYLzJTXnA2oyp2XLYqdMdvIxb+0Nmy\/CEpdguWPdvFdgjb4wl0RhMZU7u7Mp39Zxb5X2cDd9SYHS0jVLXqEPphDaT+6VxcXBI+2kSKRAuycjV0Dxcj+OYZhIl6N1iF07WojGOCnnA5474iE\/B4xwl4XNFqJbOV+IiDf\/Fqh4yrj1qYwsbNhv4zuatsKfNSjxxwMmSLEXcedHxAQNf3A9fw
D64CRauPnxtI8iXLYEogGOjX3zJBMF6oy7VGxEyCVt1hG2PWmBSUd1cAlQjmvt\/sJRYwNZ21mlwvQwQDgg+wNUDTislkwZZQQWVtYeKParYH8R5n8GNqFUEZINDtWrJORbhfPNR4VFBGJ3HFWEGZ+SxpoCjgXNndSNTYutzd0ch7s0R42PRxraYQWA+oh5FuzNn3ijXwQcz3+yP0dh3FmlqeoDDo\/lRld4+VDSzS7EZWc5SE9QMSCUgpfoy340\/g6o1c3bJRphxcLTkH5d1sOp560ym7D6B2HPO9596qoMD4C6X2MxixEo8\/OduHV4aoXgwZG0mas4KjTiLp4QsrvbnTCJDdxp866IaotBQ=="} -02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgACQABxEaKg1coHGgq9ekcBu+xsBU5w1QAHq\/m9vTr7O5IAzcdS9wk7Ddox7LZfFBxkY2AqLA6FdJac+irakSOuazN4u6hF1R+\/y2HQI+W+79jJkogrQXvngngx2k8dz0wx\/N3Epp4s2\/DhaDZbD7E8nnX2GV2f+ArjgYIr++2bCze927VDqUt6Y\/68rP90Dg5aiaouPSp1+ZMB+0priHJ21yHSthsfaaRWkLP8bV2MAUFf6i5R0YWAgrrRmAwwogiVZQe09Es154tnRchNEu98YkbAfLLvcPbpracl43kyDxfL+\/8jl\/gKgFzMYaHqP6XWb8PJMKxHtKpSfHFxOBwTV0XDOI75sw\/BZKR1W4z0Nsb4mdVi0sIFKhMB3fXrHgitYLfiaaoDrP9DeqAkU6dMZmBDCrMo5HdnJyEpOXJ1UbeQ7eYYxcanlqt8Fj\/Y3gwsRDKXE22Ok4hD9r52oj5au9bvsrCgT6XypMW5pRd6wjMO3QOua1tHWohCjg\/krUjbJarjnPYdrtoltjrSw\/C0+rFmBNxuxUNvwo0bHNhAf+8XyrjYG2JtluYIvbu1YwvVWMlBRk\/YVRI8e4XK\/ehJHdoci9motArqGvfVOjJ4i+2Gywd4FF2DaiGP6hAsLnVHdDNaiTRAYEyr2EIRLQgPZqDTaKDnMFicXzhGn+vl9g0GXP+fRolWnHkCpYK8mkbBruef4DpgBfyw1yiJrQ5biSh+7Txw1UNXcTvLRcH3SQ1wGFFsLAwlOqKq\/O18uxaWbuDNkf7Tutjjn3rQE76FKl6GoLaLKweX1GuQi8HIqoUAix35NM\/ju7+cTbahGDl2CxcErvOq6UNJPYSWobPEoX49OLRB0qtIyS\/wM2XFnQkNdQUCOBkzCMd0J01rLbY4Lr7s0iuVUr63CZDK1dgOwmVLXv61JXHWu4sT1tJ84McL3p\/\/k36EhzDX0MYq9JgXRber3t4ia2auuqfnTuTlnw\/kpFdbENgipApABNauXwGnbI+vQABkmrYVkjcMWAXcDTLz+aRlN1XeZuC13IkWEo7R3ty3KHiCMDYIay9tAIBcEFuUyFCrYhPNbCmDs+969TJUnuqMAyRDWqPCg8
mIz8Okt9fcwEoVuiA44iMsYi5LYE9lXm16iKO8KPDjuRYtdBDd8EgpmnjfXDlKdurHbkfaeBwEaSVPWpmaqX0rxrsfFoo7fxpCPutb6bVmrXAfC6MSgWy9H+oW11QeAHTH+iZO+FqGj5bdQFbSu7QfMTLmw9nr093b3rzaHOYG5o54g3jVj1aZzWVb99OR9XQd3UCxHElmXwmfrvYQAVt4Eb97Q05XlEBP9cFasgBmlDsX4l1xr9Yp2xS3u81yyfr2ipR22A+06D8pe8rJ5E6Fs7Yhj\/aleRleF7Mu0+LDx4nFdkGwlrCw7laAkIOZfJW2bIKe+vV9WUQ3qA3aj+wmD7AYUslve3YPjBjGHUrs6Qu8tl\/d\/2eUGn5J4x8S3NMSQJtrnvl5hukCYgkNOvWZhd+iz4tenCYr9\/PG21ldnyflnyWr1zBHEzKnFkceryn\/\/t+CUSLFfvYY\/P\/J41LIrJ8d3PaSJJTdOuT8WyPs3mJe9AIJHowDSLwFWfKsLi\/VfBNzyT3POBy69MGQGwAKcfsb3uHjVmhSQpmhexTOAyMqbuowRQAwPDkotu5vUw\/9ez4kPcjsBfw5DSjmAd6Wso0OWTaLSpB\/ZI6im+FBMfwKlNfirWLGUYp+tN7x7zIzgQhKbgMusNCyPeL8tfUXei+VO8gqS5XXJQZsAhiqrHuYWyEiuverFKZLBXushLyqd1P2W0n5f+jWkfek4A=="} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989290808,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989290808,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989197119,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4qFAglQtqrsDUxewFr5JIXeWAY6RF86CpAAQOlAQAGAKABAltSRUoABwAAAFNUSwA4AAAAU05PAGwAAABQUk9GbAEAAFNDRkfzAQAAUlJFSvcBAABTVFRM\/wEAAENSVP8bAgAAT7lEuqmgqtYH+ijEiKaPQIy+ZChskOUCQEOXCVQHODgEUDi4gK+Y2fknYCMPTuXF5o7P1p2Q09HWj67E\/GVB22m2zd3BwWxvWGnHbEMibFDsKh7Y\/Frv41cGn7hjXqEcbAsNpcVd7dzeyErmKzuNIO0vP5FIw0+Q18PdyZGT3x5dWqDzeh010yoNKDztLTRTGgLmFqmPSHrDGNj0ZjRIJ5YLMvzSsofddd\/pmSWWU\/br7MLE0U3uy5GheQ5rsuvfCxr\/3wS5OodpK\/U6uXoiWDCp\/9jJhgLW1RH8KH+AsqOcR83lhenQiRYYWJ7UcXeHR72CiYaDsMjStdV6yUsD2KUn3OuVTfPYSZOd0CfePbKnOIouDsGc7zpamsdSnCTdELRk5aZqs2Bks\/aS0+qcPSL+nMD5wTfTmv6hbPMmnqhE75+hj5BLcSaQVPfTdSHo82q2odiSmYlJ6syER6cP9lc6uWo6jxmhn29mPlNDRkcG
AAAAQUVBRAgAAABTQ0lEGAAAAFBVQlM7AAAAS0VYUz8AAABPQklURwAAAEVYUFlPAAAAQUVTR0NDMjANAns7u4LJoHrRQPcY9PuYIAAA4D7eqlM679heUJOOpLBttHaQi+6STlpRUkjX5oqSpndDMjU1GjfRB2GCZa2q1+liAAAAAA0AAABUjOgAAAAAAAIjIdJ88ECivwIeTWKjZk57pwLCmOM1SIo0xwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} +02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1644251989256533,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989256533,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU6+yQSehEg1oJX8Xc578X+zisrdl0VGTR15CAyIfNoJiCRqgwLlCyQZNBRw3sqgG\/t2XlrnbMXEsLYRDs986HjYzbq1tBRk4QALuyaE\/JFaY8f42k5\/XwgeimsLvLYZQjx0WV6\/QgJiiDiSmNzj+AntMNmC7QbFKN+35+tSzSnuZLfXUesF863fCWqmeXkV5v9ybejHZr6I+BzlzBy28gGgJaI0sQgT4esYNxPBDhU3dGONrGuOs8VhWhZAVvb8ViFcY7BJ\/5Hh0IpyzgL+ybH9q\/HZhBdqYFhMU3n4ME2gGoXxMWzU7Jc4GAkidgt41zw6sJ0JyvWBQa4uzq6yGi04Mkd6bmZU0+cLOVRaVoHfgd7e2irX24eZaXKVeenbNTSooiM8gitgJwd+zB75DowSrs2pkZneecc98ThEJfrWMQgJdGUmGmLuJfW++t6NjC0tJJ48I2Wv3SpsOrxaurv\/5vq6qiRh\/MZtyZqfBxg4Nithu9A2GolL4l\/ytK6PVwz1oaCkV8TPIbKXu5g\/nycQ6BYjPW6MosucuO2f1WKlMbYAKtgyTTrp5S3KPMjDSvBUb8s5GK6Tbt1vfuyUQXuYvvJpCazoETc9xchcCxhddLO+rkQDz3W+p7aYCYJZ8Ymh3VSR\/lYQZJxl1OpkiDfHvwcXzpTsouLCxXXkJ+i9Gb8u\/2KopQa+D0yfCkjcy85zcItYtrhYNUpLS0lAu\/ZoCSNK\/1qdlpiW\/oJTwi7KVWGJoxGU3SDa\/ga1KOeqc7xa6vDWnLouJe1WNluq8MAWr+19S\/hAimXEhmoxm+KDXNPBW7uoDgy6l\/rv4wBWQFWG7+bhRsKob5YVTlpvHrml7vxTMimJotcGQ6+nkYujEEYxP\/Mq+C7szNRa\/khtrGNO6eKpaYcMNQmvy3DriyJp6C+rI9921I4TfXrcJWurfNQtJ6NQ4lxarqK1RV8vSeEMjL2x+07SPj00F3sJxaHxaE6\/arwqc0RlN2ckGBh8ybsGda8SXEtx1BoYArTYlgQC3tT\/Zcs0ti6xqqfoHLQXGCedsC2SG0+8Q8h8eG\/OFE0Iir\/POJGWyPVWwKzQ3XOrwwZTBliENO+cEAcj0IqWwLdI3Ud3wB+O8qeVh6p2ohyJnhlCStZCbaswc4A8OXKDZHXYgJOEVdsr6pSu3XziXECpgdRR\/0JWVSXfPN6oCaoe4x7msqqsDuo9kbSEiGW80i4Rhd6o0f
0FI3Xkyceclq3SL1bx0WFMpnSFeqq9Bly2JyHOVxG\/t6Ym0tOxfEGHKrMlIs7GWK2kkLD3Ub0C4fBEP2+AzEDUQji0deq8WFGrTe7TYrvQzWuxz1R1rv60HjMR30Ck2SEpwsSxQZe4tSwY7JtEbFJeUnuVPjM8FsTug2w3E+3y9m7i2ISvAlkqUfTJoNTThU+XhLid7lhyRHias9DDbwTm4kj\/2b1U0MdB8KhWnI4DQS0cmkgBk1AzLpRSCF7aIqX+h9eNGk5edpERkw4q\/D20MhElqetcI5THvysHJjwYILrjo9C8eU7BvpZECzM8WQKXpaObMVbvRev+eZB99qgVdObjdqjK2oQnXhPFsDWAI7isbjPvi770k91VyWXxBRx1reYH3trz8SQUm6uFBy4\/5JzjqV0twdbWlB\/aOKoQrymVe4nzfB5f\/9oF2uJY6r4yJ3\/zQotDIzfdMw5ExuBcfa76EP7Z+z\/Meb52KL8Wz1EYr1SuaeObzcImMQfqSMzmdEhOQYBKfnDtGvSnfUz+nr+3H\/b5MWub+9gfnfpo1vp8iRLqho\/NTQI0eMK+pA=="} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1644251989257159,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1644251989257159,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAMwAAQABxEafR1coHGgq9ekcBu+xsAB+0nAADWIPGM1CS0PfqCmJN2oZO12U7OMyn"} 
+02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4fIQAFXUInh+Nj46SUAklw7faHf2lL9QCzuRO2td6KNKev\/JAr5eYL9lbo6W7jpopveWBQmWLK\/fr+P6D32bulPZ1TfPYQWzoAa9AwZxwvKH7I0RRXjumRndqUFv2dzEysBdzscsuwCtuQig8EBcrgyhirTLG5oXc4aw8zCyni5+Ov3z15t5jbII4zM9bYLybkdJyMYG4X3cMqIlfoPiOYEKKb3u7c3FpUt+feGrTXJ+OGCzmC9UwL6My0kVjrRblnPCYv18Vc27CawuoN6Hc7yzsZ5JDxa+vP6Mjhwi0kfo+Mhh57CRwmahnAvlT4gBXgrcZbKRC+SZbL7i\/YuEY+IpYnfadX27oIHnX1fWz\/V420PqUI7e95pehRMQZ6t6EHIhSwQQQsZAt3KoIErSCjrSeWoo2BmqsG3YQEYg1M0X55ZRl2L38k2ISSv34XlgzWOf3f+MddKHNUwyNXGc8KZppw8FF9qo9UTRB46k0OJypFH+fW92hUuO5vZdaM4zsIT66YcJBKGqNkD\/VBer\/jx5GJVGfplZHgYjiDI38PF8Bo4z89DoeXKcVEGPnQk6TZcCO0YZbjPEsApoYfIeVKzouW\/o3A9PYEjSEXi5EPMlZQs4pi5l+jJz31+mq0VAI5j2CT4vJoFQT8ilbKMSgYlqpHl7+qbW85929Fr436\/KEx1MrKk75ShODFrcxTxXvgg8NKYT6SPGNBWa7fHkd12VRwAmTSQFAGc2ZfMVD4sPtrL0PSqapPxeO\/S3HlmtTYXHaEZIETuHHfZS3qfkPtV6MK+OGOHZlzjaYR9qi4NxDwM+nSx3MusIV0GrwCounlN1Qf1XbGFqK27rbvFzhA6dgYSVf5Qmb9HT58ff3INYOVFOLwRdnBI0YDTKk+O6czdlW3XVUQ5s2GorzADWyzZTY7PbgEJIn7poFIn9uUVTp5UAJMqDLpblGRBUOCJVenp+CgORIPzH10Ws3e09dvA\/f\/bvHxBWpQalg425S5DVD6cL0yGLZPTUIi3Kcu+cJjnO1G5NQLzpSx7IWXxnSk86S71vtGsqOU86H4f\/ksGHQV9A8p6t\/poWk\/tBKOdID\/dEjW4bXAJT0H+2Q2schG601Imnywksf\/f8THazPOEcCN2dDDQuzs3BWJIFBXhX1cwBVWK2PrQ\/E\/TKr+5z9adr8icv2Hu0UuOj3nz7WVuDBmrb2spouZtb5jOxb\/vYtE3DwxmOOFHKlG7eYLzJTXnA2oyp2XLYqdMdvIxb+0Nmy\/CEpdguWPdvFdgjb4wl0RhMZU7u7Mp39Zxb5X2cDd9SYHS0jVLXqEPphDaT+6VxcXBI+2kSKRAuycjV0Dxcj+OYZhIl6N1iF07WojGOCnnA5474iE\/B4xwl4XNFqJbOV+IiDf\/Fqh4yrj1qYwsbNhv4zuatsKfNSjxxwMmSLE
XcedHxAQNf3A9fwD64CRauPnxtI8iXLYEogGOjX3zJBMF6oy7VGxEyCVt1hG2PWmBSUd1cAlQjmvt\/sJRYwNZ21mlwvQwQDgg+wNUDTislkwZZQQWVtYeKParYH8R5n8GNqFUEZINDtWrJORbhfPNR4VFBGJ3HFWEGZ+SxpoCjgXNndSNTYutzd0ch7s0R42PRxraYQWA+oh5FuzNn3ijXwQcz3+yP0dh3FmlqeoDDo\/lRld4+VDSzS7EZWc5SE9QMSCUgpfoy340\/g6o1c3bJRphxcLTkH5d1sOp560ym7D6B2HPO9596qoMD4C6X2MxixEo8\/OduHV4aoXgwZG0mas4KjTiLp4QsrvbnTCJDdxp866IaotBQ=="} +02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgACQABxEaKg1coHGgq9ekcBu+xsBU5w1QAHq\/m9vTr7O5IAzcdS9wk7Ddox7LZfFBxkY2AqLA6FdJac+irakSOuazN4u6hF1R+\/y2HQI+W+79jJkogrQXvngngx2k8dz0wx\/N3Epp4s2\/DhaDZbD7E8nnX2GV2f+ArjgYIr++2bCze927VDqUt6Y\/68rP90Dg5aiaouPSp1+ZMB+0priHJ21yHSthsfaaRWkLP8bV2MAUFf6i5R0YWAgrrRmAwwogiVZQe09Es154tnRchNEu98YkbAfLLvcPbpracl43kyDxfL+\/8jl\/gKgFzMYaHqP6XWb8PJMKxHtKpSfHFxOBwTV0XDOI75sw\/BZKR1W4z0Nsb4mdVi0sIFKhMB3fXrHgitYLfiaaoDrP9DeqAkU6dMZmBDCrMo5HdnJyEpOXJ1UbeQ7eYYxcanlqt8Fj\/Y3gwsRDKXE22Ok4hD9r52oj5au9bvsrCgT6XypMW5pRd6wjMO3QOua1tHWohCjg\/krUjbJarjnPYdrtoltjrSw\/C0+rFmBNxuxUNvwo0bHNhAf+8XyrjYG2JtluYIvbu1YwvVWMlBRk\/YVRI8e4XK\/ehJHdoci9motArqGvfVOjJ4i+2Gywd4FF2DaiGP6hAsLnVHdDNaiTRAYEyr2EIRLQgPZqDTaKDnMFicXzhGn+vl9g0GXP+fRolWnHkCpYK8mkbBruef4DpgBfyw1yiJrQ5biSh+7Txw1UNXcTvLRcH3SQ1wGFFsLAwlOqKq\/O18uxaWbuDNkf7Tutjjn3rQE76FKl6GoLaLKweX1GuQi8HIqoUAix35NM\/ju7+cTbahGDl2CxcErvOq6UNJPYSWobPEoX49OLRB0qtIyS\/wM2XFnQkNdQUCOBkzCMd0J01rLbY4Lr7s0iuVUr63CZDK1dgOwmVLXv61JXHWu4sT1tJ84McL3p\/\/k36EhzDX0MYq9JgXRber3t4ia2auuqfnTuTlnw\/kpFdbENgipApABNauXwGnbI+vQABkmrYVkjcMWAXcDTLz+aRlN1XeZuC13IkWEo7R3ty3KHiCMDYIay9tAIBcEFuUyFCr
YhPNbCmDs+969TJUnuqMAyRDWqPCg8mIz8Okt9fcwEoVuiA44iMsYi5LYE9lXm16iKO8KPDjuRYtdBDd8EgpmnjfXDlKdurHbkfaeBwEaSVPWpmaqX0rxrsfFoo7fxpCPutb6bVmrXAfC6MSgWy9H+oW11QeAHTH+iZO+FqGj5bdQFbSu7QfMTLmw9nr093b3rzaHOYG5o54g3jVj1aZzWVb99OR9XQd3UCxHElmXwmfrvYQAVt4Eb97Q05XlEBP9cFasgBmlDsX4l1xr9Yp2xS3u81yyfr2ipR22A+06D8pe8rJ5E6Fs7Yhj\/aleRleF7Mu0+LDx4nFdkGwlrCw7laAkIOZfJW2bIKe+vV9WUQ3qA3aj+wmD7AYUslve3YPjBjGHUrs6Qu8tl\/d\/2eUGn5J4x8S3NMSQJtrnvl5hukCYgkNOvWZhd+iz4tenCYr9\/PG21ldnyflnyWr1zBHEzKnFkceryn\/\/t+CUSLFfvYY\/P\/J41LIrJ8d3PaSJJTdOuT8WyPs3mJe9AIJHowDSLwFWfKsLi\/VfBNzyT3POBy69MGQGwAKcfsb3uHjVmhSQpmhexTOAyMqbuowRQAwPDkotu5vUw\/9ez4kPcjsBfw5DSjmAd6Wso0OWTaLSpB\/ZI6im+FBMfwKlNfirWLGUYp+tN7x7zIzgQhKbgMusNCyPeL8tfUXei+VO8gqS5XXJQZsAhiqrHuYWyEiuverFKZLBXushLyqd1P2W0n5f+jWkfek4A=="} +00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989290808,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989290808,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1644251989290808} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 @@ -21,6 +21,6 @@ ~~ total memory freed........: 6642537 bytes ~~ total allocations/frees...: 114050/114050 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 563 chars -~~ json message max len.......: 2376 chars -~~ json message avg len.......: 1465 chars +~~ json message min len.......: 578 chars +~~ json message max len.......: 2391 chars +~~ json message avg len.......: 1480 chars diff --git a/test/results/default/gre.pcapng.out b/test/results/default/gre.pcapng.out index 3999bb0f4..3aa12b5e9 100644 --- a/test/results/default/gre.pcapng.out +++ b/test/results/default/gre.pcapng.out 
@@ -1,9 +1,9 @@ 00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00785{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} 
-00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5} -00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1483501349095788,"pkt":"AAAAAAACnDf0fG6RgQAAjggARQABbq+lAADyL1hPbWnk\/QqxYlQwgYgLAUqYUAAAAGoAAACM\/wMAIUWgAUY4wQAAPxFN+8CoCtLAqGcoE8QTxAEyV9VTSVAvMi4wIDEwMCBUcnlpbmcNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xMDMuNDA6NTA2MDtycG9ydD01MDYwO3JlY2VpdmVkPTE5Mi4xNjguMTAzLjQwO2JyYW5jaD16OWhHNGJLX0FJMjAwMEF1ZzA2NDkxMzY3MjI3MTEwDQpUbzogPHNpcDoyNzFAMTkyLjE2OC4xMC4yMTA+DQpGcm9tOiA8c2lwOjI4MUAxOTIuMTY4LjEwMy40MD47dGFnPUFJQ0NGODA1RTU3OENFNjQwMw0KQ2FsbC1JRDogQUkxNzM3QUI1NDkxQURDMzkyQDE5Mi4xNjguMTAzLjQwDQpDU2VxOiAxIElOVklURQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
-00891{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5} +00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","vlan_id":142,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1483501349095788,"pkt":"AAAAAAACnDf0fG6RgQAAjggARQABbq+lAADyL1hPbWnk\/QqxYlQwgYgLAUqYUAAAAGoAAACM\/wMAIUWgAUY4wQAAPxFN+8CoCtLAqGcoE8QTxAEyV9VTSVAvMi4wIDEwMCBUcnlpbmcNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xMDMuNDA6NTA2MDtycG9ydD01MDYwO3JlY2VpdmVkPTE5Mi4xNjguMTAzLjQwO2JyYW5jaD16OWhHNGJLX0FJMjAwMEF1ZzA2NDkxMzY3MjI3MTEwDQpUbzogPHNpcDoyNzFAMTkyLjE2OC4xMC4yMTA+DQpGcm9tOiA8c2lwOjI4MUAxOTIuMTY4LjEwMy40MD47dGFnPUFJQ0NGODA1RTU3OENFNjQwMw0KQ2FsbC1JRDogQUkxNzM3QUI1NDkxQURDMzkyQDE5Mi4xNjguMTAzLjQwDQpDU2VxOiAxIElOVklURQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
+00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -18,5 +18,5 @@ ~~ total allocations/frees...: 114021/114021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars -~~ json message max len.......: 971 chars -~~ json message avg len.......: 756 chars +~~ json message max len.......: 985 chars +~~ json message avg len.......: 762 chars diff --git a/test/results/default/hsrp0.pcap.out b/test/results/default/hsrp0.pcap.out index 4859e5721..449a4441a 100644 --- a/test/results/default/hsrp0.pcap.out +++ b/test/results/default/hsrp0.pcap.out 
@@ -1,21 +1,21 @@ 00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00785{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} 
-00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551970888102,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 
-00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000101,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551971000101,"pkt":"AQBeAAACAAAMB6wMgQAADAgARcAAMAAAAAABESPiChyq\/eAAAAIHwQfBABw50wAAEAMKWgwAY2lzY28AAAAKHKr+"} -00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000101,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000105,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000105,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551971000105,"pkt":"AQBeAAACAAAMB6wNgQAADQgARcAAMAAAAAABESLiChyr\/eAAAAIHwQfBABw20wAAEAMKWg0AY2lzY28AAAAKHKv+"} 
-00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000105,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000105,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551971931931,"pkt":"AQBeAAACABJ\/uh8CgQAACggARcAAMAAAAAABESXjChyo\/OAAAAIHwQfBABxH3gAACAMKUAoAY2lzY28AAAAKHKj+"} -00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000105,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","vlan_id":10,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551970888102,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000101,"vlan_id":12,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","vlan_id":12,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551971000101,"pkt":"AQBeAAACAAAMB6wMgQAADAgARcAAMAAAAAABESPiChyq\/eAAAAIHwQfBABw50wAAEAMKWgwAY2lzY28AAAAKHKr+"} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000101,"vlan_id":12,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000105,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000105,"vlan_id":13,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551971000105,"pkt":"AQBeAAACAAAMB6wNgQAADQgARcAAMAAAAAABESLiChyr\/eAAAAIHwQfBABw20wAAEAMKWg0AY2lzY28AAAAKHKv+"} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000105,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971000105,"vlan_id":13,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","vlan_id":10,"flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551971931931,"pkt":"AQBeAAACABJ\/uh8CgQAACggARcAAMAAAAAABESXjChyo\/OAAAAIHwQfBABxH3gAACAMKUAoAY2lzY28AAAAKHKj+"} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000105,"flow_src_last_pkt_time":1126551971000105,"flow_dst_last_pkt_time":1126551971000105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":13,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":12,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -29,6 +29,6 @@ ~~ total memory freed........: 6648547 bytes ~~ total allocations/frees...: 114053/114053 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 543 chars -~~ json message max len.......: 964 chars -~~ json message avg len.......: 752 chars +~~ json message min len.......: 556 chars +~~ json message max len.......: 977 chars +~~ json message avg len.......: 765 chars diff --git a/test/results/default/hsrp2_ipv6.pcapng.out b/test/results/default/hsrp2_ipv6.pcapng.out index 01c94430e..54afcc464 100644 --- a/test/results/default/hsrp2_ipv6.pcapng.out +++ b/test/results/default/hsrp2_ipv6.pcapng.out 
@@ -1,25 +1,25 @@ 00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00792{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} 
-00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369101819741,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369104269870,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369104269870,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1589369104269870,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369104269870,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} -01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369104269870,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369104269870,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1589369122912148,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369122912148,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1589369125824424,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369125824424,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0AUAFOASgCAAQGABCqu8wAAiAAAABkAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAgAAAAA6x1WuKROwiNJvQ30Zxepz"} -00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1589369130453472,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369130453472,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
-00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1589369131526853,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369131526853,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1589369132187818,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369132187818,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1589369140645637,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369140645637,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} 
-00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1589369146175765,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369146175765,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0AUAFOASgCAAQGABCqu8wAAiAAAABkAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAgAAAAA6x1WuKROwiNJvQ30Zxepz"} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589369147544936,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369147544936,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} 
-01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369147542943,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369147544936,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369163970340,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":306,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369166016322,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369202638286,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369202638286,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369219022262,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369219022262,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369235852564,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369240383629,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1098,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369101819741,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
+01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369104269870,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369104269870,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1589369104269870,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369104269870,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} +01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369104269870,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369104269870,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1589369122912148,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369122912148,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1589369125824424,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369125824424,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0AUAFOASgCAAQGABCqu8wAAiAAAABkAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAgAAAAA6x1WuKROwiNJvQ30Zxepz"} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1589369130453472,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369130453472,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
+00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1589369131526853,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369131526853,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1589369132187818,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369132187818,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1589369140645637,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369140645637,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} 
+00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1589369146175765,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_usec":1589369146175765,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0AUAFOASgCAAQGABCqu8wAAiAAAABkAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAgAAAAA6x1WuKROwiNJvQ30Zxepz"} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589369147544936,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369147544936,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} 
+01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369147542943,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369147544936,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369163970340,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":306,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369166016322,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369202638286,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369202638286,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369219022262,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369219022262,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369235852564,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369240383629,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1098,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00801{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 @@ -33,6 +33,6 @@ ~~ total memory freed........: 6644947 bytes ~~ total allocations/frees...: 114065/114065 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 560 chars -~~ json message max len.......: 1100 chars -~~ json message avg len.......: 829 chars +~~ json message min len.......: 573 chars +~~ json message max len.......: 1113 chars +~~ json message avg len.......: 842 chars diff --git a/test/results/default/kerberos-error.pcap.out b/test/results/default/kerberos-error.pcap.out index f36d2931b..96249d0bc 100644 --- a/test/results/default/kerberos-error.pcap.out +++ b/test/results/default/kerberos-error.pcap.out 
@@ -1,10 +1,10 @@ 00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} 
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_usec":1645515964250491,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"} 
-01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}}} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_usec":1645515964609203,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="} 
-00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1645515964609203,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","vlan_id":2008,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_usec":1645515964250491,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"} +01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}}} 
+00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","vlan_id":2008,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_usec":1645515964609203,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1645515964609203,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -19,5 +19,5 @@ ~~ total allocations/frees...: 114022/114022 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars -~~ json message max len.......: 1027 chars -~~ json message avg len.......: 792 chars +~~ json message max len.......: 1042 chars +~~ json message avg len.......: 799 chars diff --git a/test/results/default/mongodb.pcap.out b/test/results/default/mongodb.pcap.out index eb014b973..dd56ea471 100644 --- a/test/results/default/mongodb.pcap.out +++ b/test/results/default/mongodb.pcap.out 
@@ -1,60 +1,73 @@ 00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00787{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} 
-00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959080,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
-00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483459979210216,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"} -00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301410,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301410,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANBx\/QAA\/Bg+3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} 
-00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00790{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1483558834969479} 
-00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} -00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969493,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 
-00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483558835050109,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1483558835130993,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130993,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAANBMKQAA\/BmTQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="} -00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130999,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAANBMKQAA+BmXQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="} 
-00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1483726705497076} -00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} -00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} -00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1483726705503813,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483726705503813,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="} 
-00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1483726705503964,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQIAbrdWQAA9BiO2CgoKDgoKCg\/wP2mJBNDEts\/TviiAGBAaBDcAAAEBCAoydcXkGQyESzoAAABMBAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAABMAAAAQaXNNYXN0ZXIAAQAAAAA="} -00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1483737232974198} 
-00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} -00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1483737232979140,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483737232979140,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="} -00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"} 
-00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1483814916005019} -00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005036,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} -00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098086,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} 
-00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098131,"pkt":"ABsXAAIwLGv11hfFgQABLAgARQAAPAAAQAA8Bn\/pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1483814916107669,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483814916107669,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANJUmQAA\/BufKCgoKEgoKChP8NnUwNO8EZBGWgSuAEBAgGbQAAAEBCAoeHKgCUsc3tA=="} -01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00795{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1483814916108514} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959080,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959080,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483459979210216,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1483459979301410,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301410,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANBx\/QAA\/Bg+3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} 
+00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":317,"pkt_l4_len":279,"thread_ts_usec":1483459979301746,"pkt":"LGv11hfFABsXAAIwgQABLAgARQABK\/fXQAA\/BjNnCgoKCgoKCgvKbmmJmGzsIz6ahkKAGBAaRyIAAAEBCApv\/F3CXOpDgPcAAACYNm5NAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAA\/\/\/\/\/9AAAAAQaXNtYXN0ZXIAAQAAAANjbGllbnQAtQAAAANkcml2ZXIAKgAAAAJuYW1lAAgAAABQeU1vbmdvAAJ2ZXJzaW9uAAYAAAAzLjQuMAAAA29zAFUAAAACdHlwZQAHAAAARGFyd2luAAJuYW1lAAcAAABEYXJ3aW4AAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAgAAAAxMC4xMS42AAACcGxhdGZvcm0AFwAAAENQeXRob24gMi43LjEwLmZpbmFsLjAAAAA="} +00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
+00790{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1483558834969479} +00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969493,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969493,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483558835050109,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1483558835130993,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130993,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAANBMKQAA\/BmTQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130999,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAANBMKQAA+BmXQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="} 
+00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":129,"pkt_l4_len":91,"thread_ts_usec":1483558835131940,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAbzJyQAA\/BkUtCgoKDAoKCg3ZHmmJO1oRNTuqYu6AGBAgheQAAAEBCAoWOHXNjPy8NDsAAAAAAAAAAAAAANQHAAAAAAAAYWJ0ZXN0LiRjbWQAAAAAAP\/\/\/\/8TAAAAEGdldG5vbmNlAAEAAAAA"} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
+01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} +00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} +00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1483726705497076} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1483726705503813,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483726705503813,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1483726705503964,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQIAbrdWQAA9BiO2CgoKDgoKCg\/wP2mJBNDEts\/TviiAGBAaBDcAAAEBCAoydcXkGQyESzoAAABMBAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAABMAAAAQaXNNYXN0ZXIAAQAAAAA="} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} +01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
+00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
+00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1483737232974198} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1483737232979140,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483737232979140,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="} 
+00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"} +00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} +00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1483814916005019} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005036,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005036,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098086,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} 
+00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098131,"pkt":"ABsXAAIwLGv11hfFgQABLAgARQAAPAAAQAA8Bn\/pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1483814916107669,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483814916107669,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANJUmQAA\/BufKCgoKEgoKChP8NnUwNO8EZBGWgSuAEBAgGbQAAAEBCAoeHKgCUsc3tA=="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1483814916107729,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483814916107729,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANJUmQAA+BujKCgoKEgoKChP8NnUwNO8EZBGWgSuAEBAgGbQAAAEBCAoeHKgCUsc3tA=="} 
+00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":143,"pkt_l4_len":105,"thread_ts_usec":1483814916108514,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAfYoRQAA\/BvKWCgoKEgoKChP8NnUwNO8EZBGWgSuAGBAgykwAAAEBCAoeHKgCUsc3tEkAAACHkQAA\/\/\/\/\/9QHAAAAAAAASW5hY3RpdmVVc2VySWRlbnRpdHkuJGNtZAAAAAAAAQAAABMAAAAQZ2V0bm9uY2UAAQAAAAA="} +01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
+00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916107729,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916107729,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} +00795{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1483814916108514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 706 bytes ~~ total detected protocols..: 5 -~~ total active/idle flows...: 5/5 -~~ total timeout flows.......: 0 +~~ total active/idle flows...: 8/8 +~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6653666 bytes -~~ total memory freed........: 6653666 bytes -~~ total allocations/frees...: 114092/114092 +~~ total memory allocated....: 6660542 bytes +~~ total memory freed........: 6660542 bytes +~~ total allocations/frees...: 114125/114125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 554 chars -~~ json message max len.......: 1104 chars -~~ json message avg len.......: 823 chars +~~ json message min len.......: 567 chars +~~ json message max len.......: 1118 chars +~~ json message avg len.......: 839 chars 
diff --git a/test/results/default/mpegts.pcap.out b/test/results/default/mpegts.pcap.out
index 996e6444f..cb1310fe4 100644
--- a/test/results/default/mpegts.pcap.out
+++ b/test/results/default/mpegts.pcap.out
@@ -1,9 +1,9 @@ 00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00786{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} 
-00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -02793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_usec":1435209297954335,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSd
FFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 
-00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","vlan_id":3359,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_usec":1435209297954335,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6
oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 
+00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
00791{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -18,5 +18,5 @@ ~~ total allocations/frees...: 114020/114020 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 567 chars -~~ json message max len.......: 2798 chars -~~ json message avg len.......: 1613 chars +~~ json message max len.......: 2813 chars +~~ json message avg len.......: 1620 chars diff --git a/test/results/default/mqtt.pcap.out b/test/results/default/mqtt.pcap.out index ec2f4f94c..f36e7d446 100644 --- a/test/results/default/mqtt.pcap.out +++ b/test/results/default/mqtt.pcap.out 
@@ -7,10 +7,10 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009367545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1643014009367545,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643014009369107,"flow_dst_last_pkt_time":1643014009367545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1643014009369107,"pkt":"AAAAAAAAAAwATSywCABFAAA4909AADQGerwKCgoBwKgAAQdbo6QZpJjawwPwlYAYAf2uHgAAAQEICtwrcSe7X7gUIAIAAA=="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643014009449105,"flow_dst_last_pkt_time":1643014009367545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1643014009449105,"pkt":"AAAAAAAAAAwATSywCABFAAA591FAADQGerkKCgoBwKgAAQdbo6QZpJjewwPwtYAYAf09UgAAAQEICtwrcXe7X7hpkAMAAQA="} 
-00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_usec":1643014349216221,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","vlan_id":1008,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_usec":1643014349216221,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="} 
+00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014010067160,"flow_dst_last_pkt_time":1643014010972297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00789{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
@@ -26,5 +26,5 @@ ~~ total allocations/frees...: 114040/114040 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars -~~ json message max len.......: 968 chars -~~ json message avg len.......: 756 chars +~~ json message max len.......: 983 chars +~~ json message avg len.......: 763 chars diff --git a/test/results/default/netbios.pcap.out b/test/results/default/netbios.pcap.out index b2770e38f..613c14f50 100644 --- a/test/results/default/netbios.pcap.out +++ b/test/results/default/netbios.pcap.out 
@@ -67,9 +67,9 @@ 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772239929129,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"muli"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 
00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":261,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":5,"current-active-flows":15,"total-active-flows":15,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1645514718788263} -00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1645514718788263,"pkt":"AAAAAAAAAA8AAAAIgQAJBAgARQAAcA92QAB7BiK1ChNHuAoRcYHYwQCLJGKEaMHxGvdQGAEALEoAAIEAAEQgRUpFQ0VKRUdFSUZCREJEQkZIRkREQURDRERDQUNBQ0EAIEZDRVBGREVHRUlGQkRBREhGSEZEREFEQURFQ0FDQUFBAA=="} -00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","vlan_id":2308,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1645514718788263,"pkt":"AAAAAAAAAA8AAAAIgQAJBAgARQAAcA92QAB7BiK1ChNHuAoRcYHYwQCLJGKEaMHxGvdQGAEALEoAAIEAAEQgRUpFQ0VKRUdFSUZCREJEQkZIRkREQURDRERDQUNBQ0EAIEZDRVBGREVHRUlGQkRBREhGSEZEREFEQURFQ0FDQUFBAA=="} 
+00959{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411416,"flow_src_last_pkt_time":1447772225411416,"flow_dst_last_pkt_time":1447772225411416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gunnar"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772225411322,"flow_src_last_pkt_time":1447772225411322,"flow_dst_last_pkt_time":1447772225411322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gunnar"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":0,"flow_first_seen":1447772211392771,"flow_src_last_pkt_time":1447772269350219,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"ozi"}} 
@@ -84,7 +84,7 @@ 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00803{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1645514718788263} diff --git a/test/results/default/rdp2.pcap.out b/test/results/default/rdp2.pcap.out index a46e3cbe3..fd6b36eeb 100644 --- a/test/results/default/rdp2.pcap.out +++ b/test/results/default/rdp2.pcap.out 
@@ -8,24 +8,24 @@ 01854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1622724949145292,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1622724949145292,"pkt":"UlQATzIvUlQAsDb7CABFAAQLlj0AAIARKpzAqHq1wKh6AtXnDT0D93oRABTAZABlAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1622724950156874,"pkt":"UlQATzIvUlQAsDb7CABFAACqlj4AAIARLfzAqHq1wKh6AtXnDT0AlnawARTAZgBmAOAAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 00788{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} 
-00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"} 
-00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"} -00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":123,"pkt_l4_len":85,"thread_ts_usec":1643703419093178,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAac47AAB9ETMiCgglZApkAlfJxA09AFWLVhCXYDQEAAAMAAEBAOZfhG7mX4RuFwMDADQAAAAAAAAAAVOguCu21iUzhOXCfjn5ZarM7Wg6Bc4AgYCUlt3opwpzOzJhVh9Txja8lfk7"} -00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":103,"pkt_l4_len":65,"thread_ts_usec":1643703419098831,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAVTWvAAB\/EcnCCmQCVwoIJWQNPcnEAEFjeuZfhG4AyAAMAAECABCXYDUQl2A1FwMDACAAAAAAAAAAAc2NsClVO\/2TfWxXYNP\/VXrbuW8m6bmGlg=="} 
-01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"} 
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00981{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"} 
+00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"} +00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":123,"pkt_l4_len":85,"thread_ts_usec":1643703419093178,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAac47AAB9ETMiCgglZApkAlfJxA09AFWLVhCXYDQEAAAMAAEBAOZfhG7mX4RuFwMDADQAAAAAAAAAAVOguCu21iUzhOXCfjn5ZarM7Wg6Bc4AgYCUlt3opwpzOzJhVh9Txja8lfk7"} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":103,"pkt_l4_len":65,"thread_ts_usec":1643703419098831,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAVTWvAAB\/EcnCCmQCVwoIJWQNPcnEAEFjeuZfhG4AyAAMAAECABCXYDUQl2A1FwMDACAAAAAAAAAAAc2NsClVO\/2TfWxXYNP\/VXrbuW8m6bmGlg=="} 
+01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724950268127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":142,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2526,"flow_dst_tot_l4_payload_len":2250,"midstream":0,"thread_ts_usec":1643703419813768,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00791{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 
-00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1645516407357265,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": 
{"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1645516407365232,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":199,"pkt_l4_len":161,"thread_ts_usec":1645516407365232,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAtWmTAAB+Eb9KCjK10goySSTrww09AKHw6sdtXBcEAAAMAAAAAJ\/WdSyf1nUsFv7\/AAAAAAAAAAAAeAEAAGwAAAAAAAAAbP7\/YhSWd3AWJ5LV+bA4HU4647GsucjUQNP74GNK\/bd2kPEAAAAOwArACcAUwBMANQAvAAoBAAA0AAAAEQAPAAAMZHJjc2FsZ2ZjMDQzAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} -00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":199,"pkt_l4_len":161,"thread_ts_usec":1645516407369717,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAtWmVAAB+Eb9ICjK10goySSTrww09AKHv6MdtXBcEAAAMAAAAAJ\/WdS2f1nUtFv7\/AAAAAAAAAAEAeAEAAGwAAAAAAAAAbP7\/YhSWd3AWJ5LV+bA4HU4647GsucjUQNP74GNK\/bd2kPEAAAAOwArACcAUwBMANQAvAAoBAAA0AAAAEQAPAAAMZHJjc2FsZ2ZjMDQzAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 
-00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"} -01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+02178{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +02176{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1645516407357265,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
+00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1645516407365232,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":199,"pkt_l4_len":161,"thread_ts_usec":1645516407365232,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAtWmTAAB+Eb9KCjK10goySSTrww09AKHw6sdtXBcEAAAMAAAAAJ\/WdSyf1nUsFv7\/AAAAAAAAAAAAeAEAAGwAAAAAAAAAbP7\/YhSWd3AWJ5LV+bA4HU4647GsucjUQNP74GNK\/bd2kPEAAAAOwArACcAUwBMANQAvAAoBAAA0AAAAEQAPAAAMZHJjc2FsZ2ZjMDQzAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} +00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":199,"pkt_l4_len":161,"thread_ts_usec":1645516407369717,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAtWmVAAB+Eb9ICjK10goySSTrww09AKHv6MdtXBcEAAAMAAAAAJ\/WdS2f1nUtFv7\/AAAAAAAAAAEAeAEAAGwAAAAAAAAAbP7\/YhSWd3AWJ5LV+bA4HU4647GsucjUQNP74GNK\/bd2kPEAAAAOwArACcAUwBMANQAvAAoBAAA0AAAAEQAPAAAMZHJjc2FsZ2ZjMDQzAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 
+00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"} +01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
+01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00793{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 39/39 @@ -40,5 +40,5 @@ ~~ total allocations/frees...: 114086/114086 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 565 chars -~~ json message max len.......: 2168 chars -~~ json message avg len.......: 1365 chars +~~ json message max len.......: 2183 chars +~~ json message avg len.......: 1373 chars diff --git a/test/results/default/rtp.pcapng.out b/test/results/default/rtp.pcapng.out index ccc7bc2b6..650862b62 100644 --- a/test/results/default/rtp.pcapng.out +++ b/test/results/default/rtp.pcapng.out 
@@ -26,15 +26,15 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1643703745898718,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1643703745898718,"pkt":"AAAAAAAAAA0A6CjdCABFAABUXqUAAH8RTbCW23YTwHHB49Paw1MAQCgLr80ACAAafnO\/DuYuk7Qm7AS8F\/mRjAhWf8oXJ8iKIG1vbiBG\/CH8sc3Jm2Qs1\/hdRLqg0e41AYA="} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643703745915963,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1643703745915963,"pkt":"AAAAAAAAAA0A6CjdCABFAADBXqYAAH8RTUKW23YTwHHB49Paw1MArUaokHhIt9F\/QTUAGn5zvt4AAZh5k2ZCx7AG1wPxuzfCf8IwfzFMqVgW4L\/mJFqmRAcv8EJTXmkyrY75f6lOJMucq+rA3frXvaUL0BKpnggCk8fasluufmW8FbErfrU6zDzccizbXzvL1SCk28XBaOck\/RKMjjxlmWOhUAMPzKd7IE7GUd1q3K2nXpJZolklVyfnB7AqCWsUi9KYepAHxMOiROPvNQGA"} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082809191911,"flow_dst_last_pkt_time":1452082809230738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703746016700,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703820776166,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703820776166,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1643703820776166,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1643703820776166,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAALGdvQAA\/EZwkCoxDp5SZVWHYahd4ABjVkQEAAAAAAAAAAAAAAAAAARw="} -00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGdwQABAEZsbCoxDp5SZVWHYahd4ACCGGoFvzdIeUTH\/uAl02AAAARxIC+RVvxSYfA=="} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAM2d0QABAEZsYCoxDp5SZVWHYahd4AB\/BqIFvzdMeUTW\/uAl02AAAARxIBuN5wSRY"} 
-00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAM2d4QABAEZsUCoxDp5SZVWHYahd4AB+954FvzdQeUTl\/uAl02AAAARxIBuN5wSRY"} -00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703820864329,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703820776166,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703820776166,"vlan_id":1508,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1643703820776166,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1643703820776166,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAALGdvQAA\/EZwkCoxDp5SZVWHYahd4ABjVkQEAAAAAAAAAAAAAAAAAARw="} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGdwQABAEZsbCoxDp5SZVWHYahd4ACCGGoFvzdIeUTH\/uAl02AAAARxIC+RVvxSYfA=="} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAM2d0QABAEZsYCoxDp5SZVWHYahd4AB\/BqIFvzdMeUTW\/uAl02AAAARxIBuN5wSRY"} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAM2d4QABAEZsUCoxDp5SZVWHYahd4AB+954FvzdQeUTl\/uAl02AAAARxIBuN5wSRY"} 
+00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703820864329,"vlan_id":1508,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":19,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703746016700,"flow_dst_last_pkt_time":1643703746015681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1104,"flow_src_tot_l4_payload_len":993,"flow_dst_tot_l4_payload_len":13839,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"vlan_id":1508,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1643703821596170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 
@@ -48,6 +48,6 @@ ~~ total memory freed........: 6653877 bytes ~~ total allocations/frees...: 114167/114167 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 540 chars +~~ json message min len.......: 546 chars ~~ json message max len.......: 2487 chars -~~ json message avg len.......: 1513 chars +~~ json message avg len.......: 1516 chars diff --git a/test/results/default/smb_frags.pcap.out b/test/results/default/smb_frags.pcap.out index 6978ea534..37c59b327 100644 --- a/test/results/default/smb_frags.pcap.out +++ b/test/results/default/smb_frags.pcap.out 
@@ -1,13 +1,13 @@ 00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00789{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} 
-00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623514369772545,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369772545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"} -00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369868191,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"} 
-00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623514369870545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":121,"pkt_l4_len":83,"thread_ts_usec":1623514369870545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAZ5dXQAA+BrUgCsrTfQrKBwjTaAG9gKLxE2eK5YaAGAgZ+EgAAAEBCArORwytjCinFwAAAC\/\/U01CcgAAAAAYBdgAAAAAAAAAAAAAAAD\/\/wEA\/\/8BAAAMAAJOVCBMTSAwLjEyAA=="} -00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623514369870545,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":279,"pkt_l4_len":241,"thread_ts_usec":1623514370251341,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQABBU53QAB8Br9iCsoHCArK030BvdNoZ4rlhoCi8UaAGAQChHEAAAEBCAqMKKimzkcMrQAAAM3\/U01CcgAAAACYBdgAAAAAAAAAAAAAAAD\/\/wEA\/\/8BABEAAA8yAAEABEEAAAAAAQAAAAAA\/PMBgCVAmaKlX9cBEP8AiAA6Rp1HYg1YTqLSmkcnpK8KYHYGBisGAQUFAqBsMGqgPDA6BgorBgEEAYI3AgIeBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMqMCigJhskbm90X2RlZmluZWRfaW5fUkZDNDE3OEBwbGVhc2VfaWdub3Jl"} 
-02403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1438,"pkt_l4_len":1400,"thread_ts_usec":1623514370258205,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAFjJdYQAA+Bq\/6CsrTfQrKBwjTaAG9gKLxRmeK5leAEAgZ6PkAAAEBCArORw4xjCiopgAABjz\/U01CcwAAAAAYBdgAAAAAAAAAAAAAAAAAAAEAAAABAAz\/AAAABEEyAAEAAAAAAK8FAAAAAP\/SAIABBmCCBasGggAGKwYBBQUCoIIFnTCCBZmgggARMIIADQaCAAkqhkiG9xIBAgKiggWABIIFfGCCBXgGCSqGSIb3EgECAgEAboIFZzCCBWOgAwIBBaEDAgEOogcDBQAgAAAAo4IEcmGCBG4wggRqoAMCAQWhFBsSQ0lWSUxQRU5TSU9OLkxPQ0FMoi0wK6ADAgEDoSQwIhsEY2lmcxsaaHFkYy0wMi5jaXZpbHBlbnNpb24ubG9jYWyjggQcMIIEGKADAgESoQMCASCiggQKBIIEBmtnVxcxBmkz4ZUsh+F3XvsymQ5mvu2LX+7W56rZEvZ1qmgF5eVUK11Yc3PdU24ZptZsf6GIgZZft7fDTc9iDA3FbzTWHDPjEHl6G+GfrKQ\/U66sLyoe01eLCDNDlzdYPbQNI5B+D7epgO3OqLoFCxgQnXg89dHq7kxLRlfyZ75yHYmd3cly0qeBA8TtEpLELIy5RDwh88Bbqx9lJkPNQiMt24H0yao67pgfp9aEdZ4Emm7xmyPRkPeqZWtM0bkNvn+WavQvx80wJ6ZQyFIXkOPKpVcd2AB5qVKkumKBLzfPVIv+5LsBnADCgXZoEckKZht4ry7NolrE+0HKHhPwkaoxc8bqcUuiYOluxmO4DjfSfFQueOoelGhXJ6pEhCQozBPoeArsog\/CMnvfwyGHeu2So9navfrEV7TGs9oPppW3oNCUuXo36cbimBLvIiY+Pgl\/ynJhxwXsO0RkVS9r\/PsoEMTLWDn3S3vAe\/TBqkOtoyPQJWg1FVpj7frmvNArPBFi14wVJfxtnd\/+3wtnQozSQyeZaiwe0Uki1A7mEEoQtV7AOgPYFp8ri4dHhClZYELTbpijGa0Jwtj6x6ZJsOiFg2SsOWyGploNv1wUt9FpkKTtjSnMILP9mkkt0GsDX19lwQbnfeVgl0kxeaZBDtMtasDDJW8MObctlpQH6UeIoFh4zd\/+AvklrnI66FLbyQfjFSQzmIzIW3ydE4bjVtwWmU1a9nvT5VzFxoGr9N75Jd1QR+seVejR1FQ5L+uOs9WAbzPwvooNtGJ9P10oltq2AAtLxvL22QGd7qWFsKNlILCcAk48pdh4wUcKf+EMjG6Xonr4DPvLkEyb43oHO1NuXf6G+7ier+62p0AeSbzutesdffNAKWx8nx125SeKQpNnBXnpDRdJnIJIcuLAdAebbsP88MDOzOSgr6S6eirG1TuF29PveiUZjxoiDLHdsyainMdtGrd0\/Ydkl2AhTK3O7gYsi1PPi2xvUVmDCWCipGeZ\/HFXUKBq15ucDAkq0dcppKqtynTA4t8XrmdpQTW\/R3zKQXp4YteUcutVoA63U60
MWJlP325IMdQpih2Uk59JH5Dnux3Rd568y7AglM4Wn\/qV3HT6TOIU2RCepqW+t\/HKqI4PXOnM+5Qj2R2MJ25pMdBIvMiBfAjqOHwQwwec\/8syUlp9kgV4g09X0ubW+5o5iaoEB4ngqDTvZXkAfrGm9\/PFvCCGKK5LcZsH76QYjCwvtb7o+MxSnlo+MKjMgwdfysFP0RY4mM0xlHSbO4qyXFBgLhHZiagn1nbfnXKd28YECfDeWdHC\/Ig4+JxagNp\/3VNKyRkP6A4EbfQ3batKWXNlXzxKQjFl\/HI4d1Rq1dIh9CGkgdcwgdSgAwIBEqKBzASByVkzbk+ekX38PCwMB3OZSxR7r8vyZItGdtHn7\/EFdfCld4D4NfFt4ny5\/YJLf0FZrLolqw=="} -01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":1419,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1623514370258205,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":""}} 
-01323{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370351676,"flow_dst_last_pkt_time":1623514370345783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1623514370351676,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623514369772545,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369772545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369868191,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"} 
+00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623514369870545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":121,"pkt_l4_len":83,"thread_ts_usec":1623514369870545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAZ5dXQAA+BrUgCsrTfQrKBwjTaAG9gKLxE2eK5YaAGAgZ+EgAAAEBCArORwytjCinFwAAAC\/\/U01CcgAAAAAYBdgAAAAAAAAAAAAAAAD\/\/wEA\/\/8BAAAMAAJOVCBMTSAwLjEyAA=="} +00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623514369870545,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":279,"pkt_l4_len":241,"thread_ts_usec":1623514370251341,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQABBU53QAB8Br9iCsoHCArK030BvdNoZ4rlhoCi8UaAGAQChHEAAAEBCAqMKKimzkcMrQAAAM3\/U01CcgAAAACYBdgAAAAAAAAAAAAAAAD\/\/wEA\/\/8BABEAAA8yAAEABEEAAAAAAQAAAAAA\/PMBgCVAmaKlX9cBEP8AiAA6Rp1HYg1YTqLSmkcnpK8KYHYGBisGAQUFAqBsMGqgPDA6BgorBgEEAYI3AgIeBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqMqMCigJhskbm90X2RlZmluZWRfaW5fUkZDNDE3OEBwbGVhc2VfaWdub3Jl"} 
+02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1438,"pkt_l4_len":1400,"thread_ts_usec":1623514370258205,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAFjJdYQAA+Bq\/6CsrTfQrKBwjTaAG9gKLxRmeK5leAEAgZ6PkAAAEBCArORw4xjCiopgAABjz\/U01CcwAAAAAYBdgAAAAAAAAAAAAAAAAAAAEAAAABAAz\/AAAABEEyAAEAAAAAAK8FAAAAAP\/SAIABBmCCBasGggAGKwYBBQUCoIIFnTCCBZmgggARMIIADQaCAAkqhkiG9xIBAgKiggWABIIFfGCCBXgGCSqGSIb3EgECAgEAboIFZzCCBWOgAwIBBaEDAgEOogcDBQAgAAAAo4IEcmGCBG4wggRqoAMCAQWhFBsSQ0lWSUxQRU5TSU9OLkxPQ0FMoi0wK6ADAgEDoSQwIhsEY2lmcxsaaHFkYy0wMi5jaXZpbHBlbnNpb24ubG9jYWyjggQcMIIEGKADAgESoQMCASCiggQKBIIEBmtnVxcxBmkz4ZUsh+F3XvsymQ5mvu2LX+7W56rZEvZ1qmgF5eVUK11Yc3PdU24ZptZsf6GIgZZft7fDTc9iDA3FbzTWHDPjEHl6G+GfrKQ\/U66sLyoe01eLCDNDlzdYPbQNI5B+D7epgO3OqLoFCxgQnXg89dHq7kxLRlfyZ75yHYmd3cly0qeBA8TtEpLELIy5RDwh88Bbqx9lJkPNQiMt24H0yao67pgfp9aEdZ4Emm7xmyPRkPeqZWtM0bkNvn+WavQvx80wJ6ZQyFIXkOPKpVcd2AB5qVKkumKBLzfPVIv+5LsBnADCgXZoEckKZht4ry7NolrE+0HKHhPwkaoxc8bqcUuiYOluxmO4DjfSfFQueOoelGhXJ6pEhCQozBPoeArsog\/CMnvfwyGHeu2So9navfrEV7TGs9oPppW3oNCUuXo36cbimBLvIiY+Pgl\/ynJhxwXsO0RkVS9r\/PsoEMTLWDn3S3vAe\/TBqkOtoyPQJWg1FVpj7frmvNArPBFi14wVJfxtnd\/+3wtnQozSQyeZaiwe0Uki1A7mEEoQtV7AOgPYFp8ri4dHhClZYELTbpijGa0Jwtj6x6ZJsOiFg2SsOWyGploNv1wUt9FpkKTtjSnMILP9mkkt0GsDX19lwQbnfeVgl0kxeaZBDtMtasDDJW8MObctlpQH6UeIoFh4zd\/+AvklrnI66FLbyQfjFSQzmIzIW3ydE4bjVtwWmU1a9nvT5VzFxoGr9N75Jd1QR+seVejR1FQ5L+uOs9WAbzPwvooNtGJ9P10oltq2AAtLxvL22QGd7qWFsKNlILCcAk48pdh4wUcKf+EMjG6Xonr4DPvLkEyb43oHO1NuXf6G+7ier+62p0AeSbzutesdffNAKWx8nx125SeKQpNnBXnpDRdJnIJIcuLAdAebbsP88MDOzOSgr6S6eirG1TuF29PveiUZjxoiDLHdsyainMdtGrd0\/Ydkl2AhTK3O7gYsi1PPi2xvUVmDCWCipGeZ\/HFXUKBq15ucDAkq0dcppKqtynTA4t8XrmdpQTW\/R3zKQXp4
YteUcutVoA63U60MWJlP325IMdQpih2Uk59JH5Dnux3Rd568y7AglM4Wn\/qV3HT6TOIU2RCepqW+t\/HKqI4PXOnM+5Qj2R2MJ25pMdBIvMiBfAjqOHwQwwec\/8syUlp9kgV4g09X0ubW+5o5iaoEB4ngqDTvZXkAfrGm9\/PFvCCGKK5LcZsH76QYjCwvtb7o+MxSnlo+MKjMgwdfysFP0RY4mM0xlHSbO4qyXFBgLhHZiagn1nbfnXKd28YECfDeWdHC\/Ig4+JxagNp\/3VNKyRkP6A4EbfQ3batKWXNlXzxKQjFl\/HI4d1Rq1dIh9CGkgdcwgdSgAwIBEqKBzASByVkzbk+ekX38PCwMB3OZSxR7r8vyZItGdtHn7\/EFdfCld4D4NfFt4ny5\/YJLf0FZrLolqw=="} +01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":1419,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1623514370258205,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":""}} 
+01338{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370351676,"flow_dst_last_pkt_time":1623514370345783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1623514370351676,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 
00795{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 @@ -21,6 +21,6 @@ ~~ total memory freed........: 6644009 bytes ~~ total allocations/frees...: 114032/114032 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 563 chars -~~ json message max len.......: 2408 chars -~~ json message avg len.......: 1434 chars +~~ json message min len.......: 570 chars +~~ json message max len.......: 2423 chars +~~ json message avg len.......: 1445 chars diff --git a/test/results/default/smtp-starttls.pcap.out b/test/results/default/smtp-starttls.pcap.out index c6d02cf1f..412f99590 100644 --- a/test/results/default/smtp-starttls.pcap.out +++ b/test/results/default/smtp-starttls.pcap.out 
@@ -13,17 +13,17 @@ 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124876854,"flow_dst_last_pkt_time":1388017124876863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":3924,"midstream":0,"thread_ts_usec":1388017124876863,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 02361{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125217215,"flow_dst_last_pkt_time":1388017125228642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1388017125228642,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":26,"avg":29682.5,"max":156957,"stddev":34710.8,"var":1204840832.0,"ent":4.2,"data": [11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080]},"pktlen": {"min":52,"avg":240.3,"max":1470,"stddev":368.1,"var":135468.5,"ent":4.0,"data": [60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]},"bins": {"c_to_s": [9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1],"entropies": [4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mx.google.com"}} 
00800{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} -00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1524746968365832,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968365832,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAgBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS8AAAAAIACIAC67wAAAgQFoAEDAwIBAQQC"} -00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968366576,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwAgBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8kWgX0vYAScIBuawAAAgQFoAEBBAIBAwMH"} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1524746968366827,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":78,"pkt_l4_len":20,"thread_ts_usec":1524746968366827,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAUBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS9XMmfJVAQQLDe+QAA"} 
-00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1524746968366827,"flow_dst_last_pkt_time":1524746968385593,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":136,"pkt_l4_len":78,"thread_ts_usec":1524746968385593,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwBOBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8lWgX0vVAYAOG6pgAAMjIwIGp3LXZtMDgtaW50LWRucy53ZWJlcm5ldHoubmV0IEVTTVRQIFBvc3RmaXggKFVidW50dSkNCg=="} -00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1524746968396333,"flow_dst_last_pkt_time":1524746968385593,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":128,"pkt_l4_len":70,"thread_ts_usec":1524746968396333,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAABGBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS9XMmfX1AYQKHdNAAARUhMTyBbSVB2NjoyMDAzOmRlOjIwMTY6MTI1OmZjMzY6ODMxNzo0ZTg2OmNiNzJdDQo="} 
-01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968396333,"flow_dst_last_pkt_time":1524746968396833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1524746968396833,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"jw-vm08-int-dns.webernetz.net","smtp": {"user":"","password":"","auth_failed":0}}} -01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968398581,"flow_dst_last_pkt_time":1524746968397832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1524746968398581,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968398581,"flow_dst_last_pkt_time":1524746968403958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1524746968403958,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-02568{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968661622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968662121,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19099.3,"max":202908,"stddev":48707.1,"var":2372380928.0,"ent":2.8,"data": [744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736]},"pktlen": {"min":60,"avg":180.5,"max":1200,"stddev":257.1,"var":66086.8,"ent":4.2,"data": [72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]},"bins": {"c_to_s": [7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"dovecot.weberlab.de"}} -01379{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968663137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"dovecot.weberlab.de"}} +00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1524746968365832,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968365832,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAgBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS8AAAAAIACIAC67wAAAgQFoAEDAwIBAQQC"} 
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968366576,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwAgBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8kWgX0vYAScIBuawAAAgQFoAEBBAIBAwMH"} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1524746968366827,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":78,"pkt_l4_len":20,"thread_ts_usec":1524746968366827,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAUBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS9XMmfJVAQQLDe+QAA"} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1524746968366827,"flow_dst_last_pkt_time":1524746968385593,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":136,"pkt_l4_len":78,"thread_ts_usec":1524746968385593,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwBOBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8lWgX0vVAYAOG6pgAAMjIwIGp3LXZtMDgtaW50LWRucy53ZWJlcm5ldHoubmV0IEVTTVRQIFBvc3RmaXggKFVidW50dSkNCg=="} 
+00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1524746968396333,"flow_dst_last_pkt_time":1524746968385593,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":128,"pkt_l4_len":70,"thread_ts_usec":1524746968396333,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAABGBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS9XMmfX1AYQKHdNAAARUhMTyBbSVB2NjoyMDAzOmRlOjIwMTY6MTI1OmZjMzY6ODMxNzo0ZTg2OmNiNzJdDQo="} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968396333,"flow_dst_last_pkt_time":1524746968396833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1524746968396833,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"jw-vm08-int-dns.webernetz.net","smtp": {"user":"","password":"","auth_failed":0}}} 
+01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968398581,"flow_dst_last_pkt_time":1524746968397832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1524746968398581,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968398581,"flow_dst_last_pkt_time":1524746968403958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1524746968403958,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
+02582{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968661622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968662121,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19099.3,"max":202908,"stddev":48707.1,"var":2372380928.0,"ent":2.8,"data": [744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736]},"pktlen": {"min":60,"avg":180.5,"max":1200,"stddev":257.1,"var":66086.8,"ent":4.2,"data": [72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]},"bins": {"c_to_s": [7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"dovecot.weberlab.de"}} +01393{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968663137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968663137,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"dovecot.weberlab.de"}} 01143{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":19,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125228821,"flow_dst_last_pkt_time":1388017125239930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mx.google.com"}} 
00802{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":69,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -39,5 +39,5 @@ ~~ total allocations/frees...: 114135/114135 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars -~~ json message max len.......: 2573 chars -~~ json message avg len.......: 1555 chars +~~ json message max len.......: 2587 chars +~~ json message avg len.......: 1562 chars diff --git a/test/results/default/snmp.pcap.out b/test/results/default/snmp.pcap.out index 15827430e..c9552f95a 100644 --- a/test/results/default/snmp.pcap.out +++ b/test/results/default/snmp.pcap.out 
@@ -116,26 +116,26 @@ 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328660640336,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328704045369,"flow_src_last_pkt_time":1597328710051817,"flow_dst_last_pkt_time":1597328704045369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00796{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1643702947966305} -00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702947966305,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} -01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":19}}} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702947966305,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 
+01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":19}}} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328660640336,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328704045369,"flow_src_last_pkt_time":1597328710051817,"flow_dst_last_pkt_time":1597328704045369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328757701238,"flow_src_last_pkt_time":1597328765050571,"flow_dst_last_pkt_time":1597328757701238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"124.53.196.176","dst_ip":"103.248.22.47","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328734790652,"flow_src_last_pkt_time":1597328742081478,"flow_dst_last_pkt_time":1597328734790652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"205.83.36.228","dst_ip":"160.174.106.32","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1643702958965878,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702958965878,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1fKQAABAEXgOCucChgpI9wQAoe6gAMFeTzCCALUCAQEEBGFkc2yiggCoAgJkSQIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 
-00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1643702975965040,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702975965040,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1RJZAABAEVhGCucChgpI9wQAoe6gAME\/TzCCALUCAQEEBGFkc2yiggCoAgJkaAIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} -00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987695436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1097,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702987695436,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987695436,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1143,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1143,"pkt_l4_len":1105,"thread_ts_usec":1643702987695436,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAEZQAAQAA7ESDXCmMIWApk\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\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"} -00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987695436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1097,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702987695436,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":0,"error_status":0}}} 
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987761622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1643702987761622,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAOaWFAAA+Ebx9CmT9kgpjCFgAoajqACXVjjAbAgEBBAZwdWJsaWOiDgIEJhJ9vwIBAQIBADAA"} -01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987761622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1097,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":29,"midstream":0,"thread_ts_usec":1643702987761622,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":1}}} 
-01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1643702987763067,"flow_dst_last_pkt_time":1643702987761622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":611,"pkt_l4_len":573,"thread_ts_usec":1643702987763067,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACUQAAQAA7ESLrCmMIWApk\/ZKo6gChAj3MpjCCAjECAQEEBnB1YmxpY6CCAiICBCYSfcACAQACAQAwggISMA8GCysGAQIBHwEBAQZkBQAwDwYLKwYBAgEfAQEBCmwFADAPBgsrBgECAR8BAQEKBgUAMA8GCysGAQIBHwEBAQYLBQAwDwYLKwYBAgEfAQEBBk4FADAPBgsrBgECAR8BAQEGXQUAMA8GCysGAQIBHwEBAQpFBQAwDwYLKwYBAgEfAQEBCgEFADAPBgsrBgECAWMBAQEEEQUAMBAGDCsGAQIBHwEBAQaBAAUAMA8GCysGAQIBHwEBAQoDBQAwDwYLKwYBAgEfAQEBBmMFADAQBgwrBgECAR8BAQEKgRAFADAPBgsrBgECAR8BAQEGSAUAMA8GCysGAQIBHwEBAQoWBQAwDwYLKwYBAgFjAQEBBBMFADAPBgsrBgECAR8BAQEKRwUAMBAGDCsGAQIBHwEBAQaBCQUAMA8GCysGAQIBHwEBAQYCBQAwDwYLKwYBAgEfAQEBCkwFADAPBgsrBgECAR8BAQEKXgUAMA8GCysGAQIBHwEBAQpvBQAwDwYLKwYBAgEfAQEBCmEFADAPBgsrBgECAR8BAQEKOAUAMA8GCysGAQIBHwEBAQo\/BQAwDwYLKwYBAgEfAQEBBnYFADAPBgsrBgECAR8BAQEKFAUAMA8GCysGAQIBHwEBAQZfBQAwDwYLKwYBAgEfAQEBCkIFADAPBgsrBgECAR8BAQEKXwUAMA8GCysGAQIBHwEBAQZgBQA="} 
-01402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1643702987763067,"flow_dst_last_pkt_time":1643702987782892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":710,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":710,"pkt_l4_len":672,"thread_ts_usec":1643702987782892,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACtKWHAAA+EboACmT9kgpjCFgAoajqAqBBSTCCApQCAQEEBnB1YmxpY6KCAoUCBCYSfcACAQACAQAwggJ1MBAGCysGAQIBHwEBAQZkRgEAMBAGCysGAQIBHwEBAQpsRgEAMBAGCysGAQIBHwEBAQoGRgEAMBQGCysGAQIBHwEBAQYLRgUXp1N9djAQBgsrBgECAR8BAQEGTkYBADATBgsrBgECAR8BAQEGXUYEBXqByDAUBgsrBgECAR8BAQEKRUYFAZFCY\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"} -01274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987782892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":613,"pkt_l4_len":575,"thread_ts_usec":1643702987784304,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACUwAAQAA7ESLpCmMIWApk\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"} 
-00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643703001963541,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1WA+AABAEQphCucChgpI9wQAoe6gAMEJTzCCALUCAQEEBGFkc2yiggCoAgJkngIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} -01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987801396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":565,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":671,"flow_src_tot_l4_payload_len":2229,"flow_dst_tot_l4_payload_len":1364,"midstream":0,"thread_ts_usec":1643703001963541,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703001963541,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1643702958965878,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702958965878,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1fKQAABAEXgOCucChgpI9wQAoe6gAMFeTzCCALUCAQEEBGFkc2yiggCoAgJkSQIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 
+00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1643702975965040,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702975965040,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1RJZAABAEVhGCucChgpI9wQAoe6gAME\/TzCCALUCAQEEBGFkc2yiggCoAgJkaAIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} +00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987695436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1097,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702987695436,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01997{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987695436,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1143,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1143,"pkt_l4_len":1105,"thread_ts_usec":1643702987695436,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAEZQAAQAA7ESDXCmMIWApk\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\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"} +00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987695436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1097,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702987695436,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":0,"error_status":0}}} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987761622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_usec":1643702987761622,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAOaWFAAA+Ebx9CmT9kgpjCFgAoajqACXVjjAbAgEBBAZwdWJsaWOiDgIEJhJ9vwIBAQIBADAA"} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987695436,"flow_dst_last_pkt_time":1643702987761622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1097,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":29,"midstream":0,"thread_ts_usec":1643702987761622,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":1}}} 
+01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1643702987763067,"flow_dst_last_pkt_time":1643702987761622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":611,"pkt_l4_len":573,"thread_ts_usec":1643702987763067,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACUQAAQAA7ESLrCmMIWApk\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\/BQAwDwYLKwYBAgEfAQEBBnYFADAPBgsrBgECAR8BAQEKFAUAMA8GCysGAQIBHwEBAQZfBQAwDwYLKwYBAgEfAQEBCkIFADAPBgsrBgECAR8BAQEKXwUAMA8GCysGAQIBHwEBAQZgBQA="} +01417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1643702987763067,"flow_dst_last_pkt_time":1643702987782892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":710,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":710,"pkt_l4_len":672,"thread_ts_usec":1643702987782892,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACtKWHAAA+EboACmT9kgpjCFgAoajqAqBBSTCCApQCAQEEBnB1YmxpY6KCAoUCBCYSfcACAQACAQAwggJ1MBAGCysGAQIBHwEBAQZkRgEAMBAGCysGAQIBHwEBAQpsRgEAMBAGCysGAQIBHwEBAQoGRgEAMBQGCysGAQIBHwEBAQYLRgUXp1N9djAQBgsrBgECAR8BAQEGTkYBADATBgsrBgECAR8BAQEGXUYEBXqByDAUBgsrBgECAR8BAQEKRUYFAZFCY\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"} 
+01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987782892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":613,"pkt_l4_len":575,"thread_ts_usec":1643702987784304,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACUwAAQAA7ESLpCmMIWApk\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"} +00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643703001963541,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1WA+AABAEQphCucChgpI9wQAoe6gAMEJTzCCALUCAQEEBGFkc2yiggCoAgJkngIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 
+01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987801396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":565,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":671,"flow_src_tot_l4_payload_len":2229,"flow_dst_tot_l4_payload_len":1364,"midstream":0,"thread_ts_usec":1643703001963541,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703001963541,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00799{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":72,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":7,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":139,"global_ts_usec":1643703001963541} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 72/72 @@ -149,6 +149,6 @@ ~~ total memory freed........: 6680398 bytes ~~ total allocations/frees...: 114268/114268 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 555 chars -~~ json message max len.......: 1987 chars -~~ json message avg len.......: 1270 chars +~~ json message min len.......: 565 chars +~~ json message max len.......: 2002 chars +~~ json message avg len.......: 1282 chars diff --git a/test/results/default/soap.pcap.out b/test/results/default/soap.pcap.out index 3f44ed99b..0e1e81b86 100644 --- a/test/results/default/soap.pcap.out +++ b/test/results/default/soap.pcap.out 
@@ -10,14 +10,14 @@ 02464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 00791{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} 
-00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} -02174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
-00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_usec":1639054092687121,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} -02173{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639054092826306,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092826306,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE86uzQADxBpgGuSDAHlWacnEAUNrcPMefVJW6dgJQGD199lwAADw\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"} 
-01986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhsgydrZzJ3XiE0fSTioqLAsNToYNCg=="} 
-00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} +02188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
+00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_usec":1639054092687121,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} +02187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639054092826306,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092826306,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE86uzQADxBpgGuSDAHlWacnEAUNrcPMefVJW6dgJQGD199lwAADw\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"} 
+02000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhsgydrZzJ3XiE0fSTioqLAsNToYNC
g=="} +00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out index 0cdbf0981..a837a68dd 100644 --- a/test/results/default/stun.pcap.out +++ b/test/results/default/stun.pcap.out 
@@ -1,12 +1,12 @@ 00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00784{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
-00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} -00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBfQAB8BgdqCk1uMwrOMu+idKQQzU6or+fFDB9QGAID5RwAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAJL3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAABMgAAAIBwAAQAAAADAAgAFP6Sh2rUbXt5fULrjXmoBfrzHXLRgCgABAIA\/Ec="} -00966{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} -00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBfQAB8BgdqCk1uMwrOMu+idKQQzU6or+fFDB9QGAID5RwAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAJL3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAABMgAAAIBwAAQAAAADAAgAFP6Sh2rUbXt5fULrjXmoBfrzHXLRgCgABAIA\/Ec="} +00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}} 
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} 
00791{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1595356443140497,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwL+tAAEAR+4LAqAypSn33gKgIDZYAHBBnAAEAACESpEJTSGtoRjhvZHdneVY="} 
@@ -21,7 +21,7 @@ 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356444494918,"pkt":"CL6sCxdumt9Y+uvcCABFwABs98MAAEABcr7AqAypSn33gAMDDJoAAAAARQAAUAEJAABmEURFSn33gMCoDKkNlqgIADx61wEEACAhEqRCamF6aTYyTmZVRDV3AA0ABAAAAAAACAAUCDrQbj\/HZPzecgDWKnOqyyksqcs="} 
01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.279952}} -00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00791{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1614938022295727} 
00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} diff --git a/test/results/default/syslog.pcap.out b/test/results/default/syslog.pcap.out index 6e83e2264..3c1f82642 100644 --- a/test/results/default/syslog.pcap.out +++ b/test/results/default/syslog.pcap.out 
@@ -19,19 +19,19 @@ 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653841215658,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":20,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} -00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} -00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1488571038381406,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":165,"pkt_l4_len":127,"thread_ts_usec":1488571038381406,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkwBHAAD\/EUitwKh5CsCoeArDoAICAH\/o6TwxODk+NzM6IE1hciAgMyAxOTo1NzoxOC4zNzc6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBkb3du"} +00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} +00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1488571038381406,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":165,"pkt_l4_len":127,"thread_ts_usec":1488571038381406,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkwBHAAD\/EUitwKh5CsCoeArDoAICAH\/o6TwxODk+NzM6IE1hciAgMyAxOTo1NzoxOC4zNzc6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBkb3du"} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038381406,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1488571187162253,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":141,"pkt_l4_len":103,"thread_ts_usec":1488571187162253,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAewBIAAD\/EUjEwKh5CsCoeArDoAICAGcZkzwxODc+NzQ6IE1hciAgMyAxOTo1OTo0Ni4xNTI6ICVMSU5LLTMtVVBET1dOOiBJbnRlcmZhY2UgR2lnYWJpdEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} -00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":163,"pkt_l4_len":125,"thread_ts_usec":1488571189276080,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkQBJAAD\/EUitwKh5CsCoeArDoAICAH1QVjwxODk+NzU6IE1hciAgMyAxOTo1OTo0OC4yNjY6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} 
-00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571189276080,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":184,"pkt_l4_len":146,"thread_ts_usec":1488571330521769,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAApgA+AAD\/EUirwKh5AsCoeArEsAICAJJuQTwxOTA+NjM6IE1hciAgMyAyMDowMjowOS40NjQ6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gOjooMjIpLCAxIHBhY2tldA=="} -00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} -00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1488571187162253,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":141,"pkt_l4_len":103,"thread_ts_usec":1488571187162253,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAewBIAAD\/EUjEwKh5CsCoeArDoAICAGcZkzwxODc+NzQ6IE1hciAgMyAxOTo1OTo0Ni4xNTI6ICVMSU5LLTMtVVBET1dOOiBJbnRlcmZhY2UgR2lnYWJpdEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":163,"pkt_l4_len":125,"thread_ts_usec":1488571189276080,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkQBJAAD\/EUitwKh5CsCoeArDoAICAH1QVjwxODk+NzU6IE1hciAgMyAxOTo1OTo0OC4yNjY6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} 
+00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571189276080,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":184,"pkt_l4_len":146,"thread_ts_usec":1488571330521769,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAApgA+AAD\/EUirwKh5AsCoeArEsAICAJJuQTwxOTA+NjM6IE1hciAgMyAyMDowMjowOS40NjQ6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gOjooMjIpLCAxIHBhY2tldA=="} +00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} +00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":26,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267494812,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267494812,"pkt":"ABDb\/xAAACFZH\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"} 
@@ -39,8 +39,8 @@ 01095{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267510571,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267510571,"pkt":"ABRpnhFAABDb\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"} 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1557406275495866,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406275495866,"pkt":"ABDb\/xAAACFZH\/EMCABFAAHSd7gAAIAp7nLBGOMK2EJWcmAAAAABlhFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZYwyTwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTYiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTU1Njg3IGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD01NTY4NyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDU5IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1557406275511725,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406275511725,"pkt":"ABRpnhFAABDb\/xAACABFAAHSru1AAPspAo\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"} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279481997,"pkt":"ABDb\/xAAACFZH\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"} 
01171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279497874,"pkt":"ABRpnhFAABDb\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"} 00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":32,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} 
@@ -104,25 +104,29 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886375,"flow_src_last_pkt_time":1600782653380844,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744117704164,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744117704164,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1618744117704164,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744117704164,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEPOQAA\/BnudCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/r2sAAAIEBbQBAwMFAQEICgVJ71MAAAAABAIAAA=="} -00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1618744118712110,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744118712110,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEydQAA\/BnLOCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/q4MAAAIEBbQBAwMFAQEICgVJ8zsAAAAABAIAAA=="} -00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1618744119704155,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744119704155,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQKarQAA\/BhjACrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/p5sAAAIEBbQBAwMFAQEICgVJ9yMAAAAABAIAAA=="} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1618744120704200,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744120704200,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQNP0QAA\/But2Crp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/o7MAAAIEBbQBAwMFAQEICgVJ+wsAAAAABAIAAA=="} -00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1618744121694228,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744121694228,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQLO9QAA\/BguuCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/n8oAAAIEBbQBAwMFAQEICgVJ\/vQAAAAABAIAAA=="} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744117704164,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744117704164,"vlan_id":1506,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":1506,"flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1618744117704164,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744117704164,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEPOQAA\/BnudCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/r2sAAAIEBbQBAwMFAQEICgVJ71MAAAAABAIAAA=="} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":1506,"flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1618744118712110,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744118712110,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEydQAA\/BnLOCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/q4MAAAIEBbQBAwMFAQEICgVJ8zsAAAAABAIAAA=="} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":1506,"flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1618744119704155,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744119704155,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQKarQAA\/BhjACrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/p5sAAAIEBbQBAwMFAQEICgVJ9yMAAAAABAIAAA=="} 
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":1506,"flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1618744120704200,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744120704200,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQNP0QAA\/But2Crp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/o7MAAAIEBbQBAwMFAQEICgVJ+wsAAAAABAIAAA=="} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":1506,"flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1618744121694228,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744121694228,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQLO9QAA\/BguuCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/n8oAAAIEBbQBAwMFAQEICgVJ\/vQAAAAABAIAAA=="} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744046789343,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744124714186,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744129233154,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744129233154,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744128983164,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":1906,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1618744128983164,"pkt":"AAAAAAAAAAsAAAAGgQAHcggARQAAPAAAQAArBtNvqS5Sogq6dcLLzcMc+vRbmS7pWNWgEnEg9ywAAAIEBXgEAggKoKw2FQVKGkwBAwMK"} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744129233154,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744129233154,"vlan_id":1506,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744046789343,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744314014150,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} 
-00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":84,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1639052948178444} 
-00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\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"} 
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":85,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1646228387732435} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":84,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":3,"total-active-flows":17,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1639052948178444} 
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":408,"flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\/tCgtpmgoGDwtQkwICAp+o6DwxODk+ZGF0ZT0yMDIxLTEyLTA5IHRpbWU9MTY6Mjk6MDYgZGV2bmFtZT0iQVRNRkxKUUFCSUwtVVQtODMiIGRldmlkPSJGR1Q2MUVUSzE5MDA5NDQ5IiBldmVudHRpbWU9MTYzOTA1Mjk0ODE1NDgzMTg4OSB0ej0iKzA0MDAiIGxvZ2lkPSIwMDAwMDAwMDEzIiB0eXBlPSJ0cmFmZmljIiBzdWJ0eXBlPSJmb3J3YXJkIiBsZXZlbD0ibm90aWNlIiB2ZD0icm9vdCIgc3JjaXA9MTAuMC4wLjEzIHNyY3BvcnQ9NTczODEgc3JjaW50Zj0iSFEtRkdUX0d3VjQtMSIgc3JjaW50ZnJvbGU9InVuZGVmaW5lZCIgZHN0aXA9MTAuMS4yNTEuNTEgZHN0cG9ydD04MDAwIGRzdGludGY9ImludGVybmFsIiBkc3RpbnRmcm9sZT0ibGFuIiBzcmNjb3VudHJ5PSJSZXNlcnZlZCIgZHN0Y291bnRyeT0iUmVzZXJ2ZWQiIHNlc3Npb25pZD03OTYwMjE2IHByb3RvPTYgYWN0aW9uPSJjbGllbnQtcnN0IiBwb2xpY3lpZD0yIHBvbGljeXR5cGU9InBvbGljeSIgcG9sdXVpZD0iMzUyMjgzMTYtYWY4Yy01MWVhL
TMxYzItY2ZiNmUzYjc2M2NhIiBzZXJ2aWNlPSJUQ1AtODAwMCIgdHJhbmRpc3A9Im5vb3AiIGR1cmF0aW9uPTYgc2VudGJ5dGU9MjQ0IHJjdmRieXRlPTkwMCBzZW50cGt0PTUgdnBuPSJIUS1GR1RfR3dWNC0xIiB2cG50eXBlPSJpcHNlYy1zdGF0aWMiIGFwcGNhdD0idW5zY2FubmVkIhmBEQkBlwGXAWQCAQAAAAAAAAAAAAAAAAGXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWukSU="} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01006{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01228{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1506,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":85,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1646228387732435} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435} 00991{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388234384,"packet_id":86,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384} 
@@ -131,33 +135,33 @@ 00891{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":449,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":449,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765633,"packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633} 00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAf4AIUUAAfwa3gAAMxEETMN4pYZT66ndAgIq+AHo0Bs8NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjcyMjQzOC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjIxNTI3Ny0wMTAwIiwgImZsb3dfaWQiOiAyOTAwNDk2NzE1NjE4NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAiZG5zIiwgInNyY19pcCI6ICIxOTUuMTIwLjE2NS4xMzQiLCAic3JjX3BvcnQiOiA0NjkyLCAiZGVzdF9pcCI6ICI4LjguOC44IiwgImRlc3RfcG9ydCI6IDUzLCAicHJvdG8iOiAiVURQIiwgImRucyI6IHsidmVyc2lvbiI6IDIsICJ0eXBlIjogImFuc3dlciIsICJpZCI6IDM5MDc0LCAiZmxhZ3MiOiAiODE4MCIsICJxciI6IHRydWUsICJyZCI6IHRydWUsICJyYSI6IHRydWUsICJycm5hbWUiOiAib3BlbnZwbnRlYy5ldHJhLWlkLmNvbSIsICJycnR5cGUiOiAiQSIsICJyY29kZSI6ICJOT0VSUk9SIiwgImFuc3c="} 
-00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":89,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1646781267422628} -00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} -00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1646781267424794,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_usec":1646781267424794,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAfIN0QAA+ESYWCl7oFQpelhXgHgICAGj66Tw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IGV0aDA6IGxpbmsgYmVjb21lcyByZWFkeQ=="} -00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1646781267424923,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":149,"pkt_l4_len":111,"thread_ts_usec":1646781267424923,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAg4N1QAA+ESYOCl7oFQpelhXgHgICAG\/wdjw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IHZldGhhNWZhMTNmOiBsaW5rIGJlY29tZXMgcmVhZHk="} 
-00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1646781267425929,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":173,"pkt_l4_len":135,"thread_ts_usec":1646781267425929,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAm4N2QAA+ESX1Cl7oFQpelhXgHgICAIedDTwzMD5NYXIgIDkgMDQ6NDQ6MjcgTkRDM0NMTkRNVkEyMiBOZXR3b3JrTWFuYWdlclsxNDIyXTogPGluZm8+ICBbMTY0Njc4MTI2Ny40MjQwXSBkZXZpY2UgKHZldGhhNWZhMTNmKTogY2FycmllcjogbGluayBjb25uZWN0ZWQ="} -00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":139,"pkt_l4_len":101,"thread_ts_usec":1646781267427418,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAeYN4QAA+ESYVCl7oFQpelhXgHgICAGX4yTw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogZG9ja2VyMDogcG9ydCAxMSh2ZXRoYTVmYTEzZikgZW50ZXJlZCBibG9ja2luZyBzdGF0ZQ=="} 
-00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1316,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1316,"pkt_l4_len":1278,"thread_ts_usec":1646781268509996,"pkt":"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"} 
-00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00801{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":94,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":148,"global_ts_usec":1646781268509996} +00799{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":89,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1646781267422628} 
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1646781267424794,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_usec":1646781267424794,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAfIN0QAA+ESYWCl7oFQpelhXgHgICAGj66Tw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IGV0aDA6IGxpbmsgYmVjb21lcyByZWFkeQ=="} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1646781267424923,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":149,"pkt_l4_len":111,"thread_ts_usec":1646781267424923,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAg4N1QAA+ESYOCl7oFQpelhXgHgICAG\/wdjw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IHZldGhhNWZhMTNmOiBsaW5rIGJlY29tZXMgcmVhZHk="} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1646781267425929,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":173,"pkt_l4_len":135,"thread_ts_usec":1646781267425929,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAm4N2QAA+ESX1Cl7oFQpelhXgHgICAIedDTwzMD5NYXIgIDkgMDQ6NDQ6MjcgTkRDM0NMTkRNVkEyMiBOZXR3b3JrTWFuYWdlclsxNDIyXTogPGluZm8+ICBbMTY0Njc4MTI2Ny40MjQwXSBkZXZpY2UgKHZldGhhNWZhMTNmKTogY2FycmllcjogbGluayBjb25uZWN0ZWQ="} 
+00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":139,"pkt_l4_len":101,"thread_ts_usec":1646781267427418,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAeYN4QAA+ESYVCl7oFQpelhXgHgICAGX4yTw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogZG9ja2VyMDogcG9ydCAxMSh2ZXRoYTVmYTEzZikgZW50ZXJlZCBibG9ja2luZyBzdGF0ZQ=="} +00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1316,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1316,"pkt_l4_len":1278,"thread_ts_usec":1646781268509996,"pkt":"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"} 
+00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00801{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":94,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1646781268509996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 13199 bytes ~~ total detected protocols..: 17 -~~ total active/idle flows...: 19/19 -~~ total timeout flows.......: 2 +~~ total active/idle flows...: 20/20 +~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6687523 bytes -~~ total memory freed........: 6687523 bytes -~~ total allocations/frees...: 114307/114307 +~~ total memory allocated....: 6689815 bytes +~~ total memory freed........: 6689815 bytes +~~ total allocations/frees...: 114318/114318 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 285 chars -~~ json message max len.......: 2219 chars -~~ json message avg len.......: 1246 chars +~~ json message max len.......: 2234 chars +~~ json message avg len.......: 1253 chars diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out index 73c6459f6..ec1dd2559 100644 --- a/test/results/default/ultrasurf.pcap.out +++ b/test/results/default/ultrasurf.pcap.out 
@@ -1,34 +1,34 @@ 00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00789{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} 
-00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -04044{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609846,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE4b9MmARdZqn4TXakOrfI7oMcpd
zvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3xGMSCuKVSsG2pREebnblNVGkCf
ubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"} -00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-04039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656652731609853,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609853,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7vQAA3BtrfQTFEGQqEABfDhZQKC2ONCUpUkTKAEAFmmhsAAAEBCAom3sgHA1a0\/YkZzIRfJcoGEDhjun+5RWZFRHORheFaka9qWEEqwSnKRQ8+fGAhhFa7EN5cpLsXBaX2yHZz8DtP4L0FIaDBHwFd5rA4GP5cmI7bfwLgg4FVeGP7SjUTC6qb+HQHzgd9GKJejKikQgtNuMoyW+WltSykS7MMuwC9XmFm880JdkonHY1odOp0bZesqC0Ef58K3CfEAwAV1rHerMtEb3ZHcVOr9dSu4VHvVdRPp+8WfCOtT114DN9xODhN5xizXNsKGb1Vqn77M3rN9osNOzf3tytH8Pevd1aIgf3Sm6YXA7VR5D7dvmhs0FN4QC+LDtkE\/6thA0uo\/lnZqMEIHcwUsGe918WbIwSGOk2MJbaAbJZUODyOfxe+T03WsJGCGLuDQ0m7AsMClrqgh8OHbm5U9HMCsMr4h4pvEhR0z2I+R7A\/GAWfQ1Lv84asTQ\/KcjVoTGNO\/qR9qnBDPz02vpUg0t1qIn5OZjHUJc1XlP7bcvV\/wKw3OfG2mX63GGvc7i7QZES09OVvvvQOx27EiD1xANcAMElPBG4AZ\/1ImDDO55WnYWPfINUR0Htt3CDZHS99b7xjoML0TE0baQJ3Jm38p3DdfsEGrsmIokmWO1TpdGRxB4MJLY3wn7Tw4tqDNqBMVruqsIN3XOP1je5K4jtfip7MN5mhXqQwq26JbXu4RN0QZgBwifB\/DFQoswvG8No+jWGMXSh9v0kJl9fw8bhx9lZpA3tQmLgRL3sOqJAHaqHBZRkJhuHh+Rjm\/6hTfFQ00ehtauLThf9ezdb2uY49gvz2DGebsNmTjFsOx+X4R9hsdpnezkh4aEpX5uL1bXi1H6uS64VjoFNEDHQpZ+3uZrYCmJilgBV0bv0nVghQl4kU33Pf7GIoPZuXhIQfS9VrHsdHbZpH1PU8M\/9PRmRmYlmeapu7XEZp4CzDGYPDSedJ8vQLqPyHzVwGcjHckBVdpjNiPAG5UPQoZ3wCl\/PxEywufemrmfmR\/5AqOpW8\/Wur6zMxw5YPRRe\/bygJ0G9Yqw0LVPvEBxGwFY9uVVI6IGaHAasiMKQLbkze7bdXM6QNfYFDnbbaxoOEV8QDh7YIhuz4gfbAW6eyQbJT2jQKjEHkd0tMaupNho4gKsMUwsj4nZlzTYJVJpDMcLimISegAqBKQ4i8foUUKiadz6eosf+e\/Jex37VfE+krt3zlcpISr8HTnFM1USFF0+9ct3a5KjyNHIWXBbdEjluidEueiRiWyxf4cTH4FbCD2xO9GNRkq9QZppurtJaFbRjXCrw9UUutzbcN9EQ4Cq+gKBSyYXwmUbkSGOLO9rE323nvwyvDcYVdrUsP+BGDklMzvNUHuJnRFouZ1R0WCXxlJrCNrMkgI+iuTt0BJzGXzfEkqc7fmNoiossOF4BZK08wWnsMWJPMsI5Aw3iU49xeiNCj7
4DW2jR92gY79iEsFrre1ny3NbSwl8EGB091wIYQyL7Ho3Xf3P3gT7nJkJZVIupHy1AL3OnXFLu0aQ9jZogZz0sFxzcPAzim0\/TD+aEJKEn3h1ZCM0dvkLQLeFEGKVhxypzfJLDO0hydYwloEETx3qJaVHzqs8Wq+SgnnsMzDPiMy\/H9mXbpWFOmZUY8c+RgPNNwEPY9sWGgREkghLZgVI4BmbR+1He8AIC\/Jqb6\/fZGK9Su8InqtBz4VDwmCvVjB5VmwRYgEff9Co9KEAKioF+rxsp7jx4CUT\/dUpBgwtPw1AAqwXhQ\/uIBWqnOLtB+sJapVDGqCd6YbeW67lUJtDoMU8VaKm8fednX12fDvla7u1M+CXOyIf\/4rq46zKsHemwKXMSG27KxCoqvfpu2RFyDoNiwIkywHe+mu0KXU6r0uKXXuXHjcqE1XT+Ol42P4hE1aTwsVJT\/aLRIVQDwKL6IhfLinh4zf9x0O\/I\/C1GeMvABe16jJTVzGkcz49endJCMetsRgtWR7oSOwEn5bVIocg8jZsCjdrwEvd6kjZWMsRgHhtbLq+aU27mgxUfacXWiiGTsT33DZFYnj2Gbfgh1MUmZNuxbwGQK74YsSlD8+37pnUDCdBxPu+Gf64VQKHxJ9RtZ7tBvjcOGhEiQQM2Bqm9+kC5dGL6whXOTdBD0aHE3e3jNhysBJXeznMxXLuH5BpQBNhY+pGCD36HH\/gl2POk5EvjD5emciTPfEvMoX\/pO1twUedLTeXtt4V8bNumuTzdRWus9vZCGnaJKWYY+IluLtxDKaBHhULnRKPZr7a3fqY4eZZWnvSv+6SyQfi\/guF4IkYLhqf3LM1QbKUpuoYVTCXDg\/iejAGelMIOMZk\/34eSGVjsk9H4ZDrbf+Wviyu10e\/3LGX4vZqXdNId0qCEAQQsb5bj67rIpqEUfO1gjj68uRkOWA5pTXz1Cw5OGMJDODQJgEJUgUxpgbiqUn1yGaEKOOaiaN2Vv5\/u+w6mqQni+gBiA0+4K0zEMbn8XRxSib6SxlyLQVFPK3+8NFm9X2am1AtSH1\/PoCM1+A0L4I8UddMiaV4KJVbD4gIsbkZTEL2rNpB7+3TEPLkz\/oWqgDlYpiSJoug71nGWFcD+HEERUlO5Z93B7c4XWme9gT2XSraJ9EGS47MTy8E5gSuzHgT06aAD1VDe0EzdVIhzO6QfLKRVyqK\/DkDAcF1dU\/CysJQuLXO26HE1qiZstmUL\/PmaIF1CAre3aq1TiBtKi47RcAusmfTZViQ5pBnP52RilqIkeFHO7qJ+Xe7UbBid1eckGMDShESIKSMkg323ewkUsCQrdbbCQCNxMP\/vovWIiozrHVfadoXMR1+s3vDeGvdijxN0cQlXKhRXEHz1q9AFZPP6OvHtyaigQOx7Av7+CCavPWtRnhVyR2jLsjvU\/P8W5IFa8Qs0a8CJRQpkCWniRyCA3gsdHuiU5LPzN9N6ilFVKYWl8zCdx1E0DuWVnebVHPp\/mSPBcwJb6Kn0mZE5F6Slv4ios+F0zFBa\/+ONDhj8YI3D0pzybuWoGGURZpxxZvXyeMYFUqAzWQpmxOYCpDyYaRzpVXybXDJxWUfNGwmd6Ve5t6JHTxK332fJRagMHTraU5uEpzRuAnBCqVX\/orlzGUbI38lDmfktCRZhIZ0TA4WOuMezAS\/U5UeZ\/Ky36Btzeqc\/GtSNTwfx5pintfeIcHnEiV69AT2a7sR3PISNs\/w0efL492At330L6CabtPqbX+3L9tP+74e7pNSOxbl7oi\/mRnKkb9k8n2BH6yIJJt5VxxH74+2OAUxERThSHVZlYSiPBPktL4R30L859p0z2Uz6qmrKoN1is1fQXX8xGHOr7PkuLtDJqwFDVFJJ9YkA7Dx2pq++TaR\/9pl4AeqnylRZtWT3EJRF\/MYY3nnisHit78gzVET6d1BuDKtwoAyw4mKyfoqWDMp6
JOacbgYmXKL3bRC0doX8dbGOchwnFREadeVLCi\/Q5"} -02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656652731631188,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_usec":1656652731631188,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7xQAA3Bt\/lQTFEGQqEABfDhZQKC2OXGUpUkTKAEAFmw0YAAAEBCAom3sgTA1a0\/SxS3iaqHGBX0a8rgr8EFwZv7fbGR3LsZjVMCYTlteWImHMg7dpDQx6QAkVSKrBDRWsAgkFKUO9XRHQzEdcVJv+Jk6+iQYy27OR2Ruv0q0NyJCK8q8neLYQxD7xGx95YziHhCPmx+v2VJKWqXvo5pekBzrhigp\/0TmX3aYQplVTgwksBVP1wSVYSvnxpw4x3MGHY6EK1PhkChr6I2QaCOOskNMVQXjje52Gr0TD6cnIJniT0zvgTXSdGXH4d1pNmH6VI38eKJmR97TCaHW4VbObiULCNV965z+H0nCojIGmrzSNlYRkWatbld8Zbak+Ve9Ye2qFSUfesBybrU8MPKChWDS4szas\/0\/+O+hp7fTEBfmCOnTwpeZ+9ckDlu30IjD3klrlcZcGx59JJ23VaL3mRHXN2m7OYXYqgEUyKkpkk87MSdGKaT3iv+xeB8fdAD0S5iESPxvCatNGVxlnPWQC6LE2Mwk\/UPzo8wmxmWU\/4g2SzkG6fIhc2KfKoBTSS\/18XObBYhTCKn8tmchtQQnCFEhJwUqNPVQHAM7VWv97\/MrpK1Gg3ow57h3u6bsT3zD+7JqhTzfzSb+JLf+gPPuPmKrDBND362h9HtUe4u54hmK0emiAYbKHemgqk5ObUECg98wBR8GbmhEjkgqd5l9MpJjXEnZd7YjYb9HqCPVuTVofELhtwiquLU41YKvkqj9qHY3i83C4I5rsGWBIQz9jCnG\/LAO0gc+K5MhM0jD8w9afyXqZxxIWbvFCzYdvaAxFsd+dbs6QyAzMjBlRwZZJGoKCRudoGu78iGcHZ9v4JjFh8PqFI5RKE50MXupgqZhn5s+mncV4ED4BR62InyQMO+2lSV8XApXho3jZD2BZYaHL8BxzViM2AnSYU40nV5P\/9Zcawh1bVQjVPNsaeHWxMJc5P+uhgQ7yN5cDddbbbFops91CwGboz\/Y\/iUMqNL+Au752094lP9CLdBHTtF0nwGndsTr7PXV2am5lVFY+07I13Rnwh96VlnzAEErq6QUJMFpXVjoILKF75mfhkzufc5ww1btEyyIToFedBu8inrM2nSfVR4GSH1acVyxGJN\/xPMqMoz7qX11hSlDnDNA70XCXcPknSvGQJeC42YvRZuyBXR4bSZJpW3uxAIMisVpx8HuvqUlRDvWeTkl\/KlLkLPqVG6A7V9IJ4CzPp2LGxX0mxIii\/hq8qrdBvVjXBSMG2kFGd1Gk2CYKUDdUedzWwHbeA+x19\/Z8W9DscgX5Ingwo9qBoCIrSYVEyo5A+Bu6P2A6MYai8bIL3N1ixp0uHekzl1S5Y5ONHOtGVOFVnwRx49hvB6HPO9wc0rIJSIsq9YnBJNWgIZNFkCjlBnZHso+vfBKU6hgL+4B1
v8gJk8\/+OinGcG00MXqyjoV0hIPvX8fcu6dH9TclFMmJS42m7WMCCPvMCk17qoAwiC5hrfwamrAiYI\/PEcMUUmJwNoLE7aKVZ7926CN5wXkVGlgQDYNSoxPqXoHqtbU6arZQtfgfxuD27lKKUbZm7keaLAlr7T5d0Wedi07GEwl0yp+Np4OWX5kU2Sgn3juSmnKnaCzCcLk2W4PsHrD6xcXA4Ni176mRo2kV4lUcSZ9ReNwImdlBbdKoXwKkzjV8Aa0hRPMOK2kTBCfB1GhE91TGa9BbzjtvK4JbGfzJcCXKDHd6qGUGMR+lTKBl2gIfVx9fr7SRFiR3Ky\/s="} -02294{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656652731631193,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_usec":1656652731631193,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7yQAA3Bt\/kQTFEGQqEABfDhZQKC2OcIUpUkTKAEAFmX14AAAEBCAom3sgTA1a0\/YnJx2iSuJ79A02iSpm6FwMDCxojqe3RWxYZ0M08ncnevlyLwEs736KI5r443nS22drmsh9uGhCZYkCFNBlUDFM\/fcySdr4s04uEoVmjB1uKTTY5O1iq2DJoI5MGxLgLg8QvJV6fvfCXZ6RnE4dDQiIKlGpZ6tXLF6Mz+ey\/8dFY2AT1rsNyhV+X0bV\/EOXEuIwmAFV1LryIayjOcu6vLr7ov6Mptz6sehsvUf5DGP17QZBXoW2mi\/Kcl3ShTTgwt9v\/wM1dq026xCaiPEQl60C4quZOkJ+JAEi4BqJdDXhLEMXqJxBfKJs5wqxk1jmzEo7g9L+32hLAaYbpfxct1aR8nxcnCyaOzryfCuVzZ\/wGfnagHAmXgL4EmFl0R0+fRYVNXcrs0FGzEHS3Gk7zsqtb4Z2n4PGcRW1qCVKOtuumWY1iFJNH0csOYTuNxKkkNDZPfQ+Dp3yZfVfSiwb4BGn9l38WHTE0YOKlq1yVGDmCUy6gdd79RDopbwFnPZttlJCCzCPkktS3t3KOcaB\/eGasChjxz6icscSxGydetqvpb9enMDnWVxeWK\/JCTdy8ohXEnSXaAwZsXmkENcBdlUD560QPkDd6GTg47Kv0CNmHztYt8zkV+f9NOu7APKLg1ObmOJR2+A2+qK6FW1J\/JJPfioNzfAxr6DHekohSKeWD4T0PLKXUfSS2apMfcJyrCJ5lNA5OlvLsSfELfXZTV+ju+lOmGbEvLY5mRqnxr8\/fdAo0dA5iy4drivybc673PvIX\/r8hnM1Nl9GSSvym27i7rvNxu11SD\/mRMC1Z+17RC2YYrQW86TdaxQblxFyg6fGcVWbUOmeZ9wQOI5lRENBqEZHZtMT66TOxeZfykesqzsO0m0aAFOMWVbPCc53IVy\/WEu9zjBOUlzUmrOZqroVoY4QWCJ1vKJHdxg6IGvfkOoaj+B9n5GvLx2d7kHqcgiXh31YiwZ6MMcdISC7STJZdKc9pp5fJ8Q+owXSpNzIWJpmj5k1t8G1hIMxmaAX74prYtUhMYtegD1jYHIOnCbSViIcR\/tQerx7JPyuG0GS8vjL\/gHMHK+Evglsbo
fCYvAEgYmCXTlmBRDffF0cA+FbdCZ9oITQ1ZOOgsrYmUuIBXFiI+KPAz1qkcTxZNfaPCBsrX5sIrkCNfTH29spcli4OKwsecg4F4Rf2EL+s0Ltyw2fW9zkDqHTXQLkeEQHrAPBAEsS7aCjmzp5TCXxZ3sh9FD26dfGZa0TmfegYQISUY+DD5qKYuZaEEGrRiuUknuKlxlNRFcGW5rxprJGAkmaBPtwTx0D16KblFvLs9qbs+W7dQ8CTNVCcuF\/CXAjiOU632\/5kKG2HF91WV2BZBqo71sue9l6UwdBzuHsJRchZ6Rr5NbETjZFdK0\/CCz4O8HbrNKjxsS0avnTcXWzgtgdt1FCQyw468K9zDoc2QMIKDrH3xcLN0odxSnOLty2f60LfsaPIxHTBsZEbkhbi1UbTwakfW6B93kvu7TM5t1+BgyGSUhH8O8ots9utFuXZxSzTU2SZEs\/EKJfcEzsf1XSRHfi3ne6hUntHe8NEEq+7cf0jSFSjLgp+1rpKOprJ2ErAhGrpJdBfKE1QquvVkdKe0NhdODLVkr6rSzTrgHF+6oXDXQoG9AX9qDGiPkI2Y1d3VEugsFLTl+7dCaK3p5RGcdyuy\/Qxh2ojlwRUVEarvKE0Ew0wQDE="} -04044{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656652731642162,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731642162,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7zQAA3BtrbQTFEGQqEABfDhZQKC2OhKUpUkTKAEAFmmhsAAAEBCAom3sgeA1a0\/eWOf\/UcqY2pj9uZK5RSGVXyvSf2ep2S+G3D3q4XopyKxPPraArtz1Rp80zJI+28ip08auJye\/jLk6lPk6rRFeTHNUnPjJ8ITJAbUoqJK47NV5lyVbZ6dHSXdjkqwkhw2BUPefSlTo+HmX46hK+vcWkaUqsMVA1o7r8KqpggrRoTB5FhJHQdKkS9irjiNc3\/6fIH5f0Rxm8bhymnjMLxFa5x+Yl9v5TcoLBkF+9Un4KjCfveTm2xqrEeXhmH9o6dDxxf2aIGsGv\/YsfhfAWdO5VNlMgKzj9AiGo4+tXvDV2r6lJHZ1laOGAY0mvhjU3N7wfId1JxMn+2L1caesF\/QesG5i17Yd1LBua1ekfQ0mbQpA0g366xu0wKV0sGWLyi1qFvA9GzXXvIZqD5sX\/4\/ZY\/Qgojia5EwF\/1EavMAGb2V87XcT5xsVuz17wYlggG3ywy7TXcajZwZCnvTh2p2qB1C+pyeXNtMKc3jT0I+t7PwMQz63FqHTQlEE7MorLW80z8\/MKMk+HHGEAuSgKEJN5E5E1XgwbB3a9adQVTf+xCigVf23Wa4hgEbJnt9jJ4Z50YZaaUypYXvVk4nELoERaU8PbKZCQzg5N+L6cZXnCcd8Kp7ajvAC8zcEXYzqxrOLERJuZYBX1L3oHJ7gy6CAx7UGC0g8nwBCxXkWOzBGwEcAA9C93Kd4Xt+oa9fZbNdkWZNGaGQ6zf9ko4+CRzlyKcgoGYPZzhJGLumbvYkAF9NxCBSelnWUJLOGZLJRLcVa6leOLvRo+VFCoNKhCEde0
CycqdXnLqBaPt+XPC+g8QLG04\/cmTYd6wQ14gHAq9YRXpJg+SC1WLVzVCerv7pmWO7eJZ5eK83BfywTV6zyaVABorTZdssEn4fWQA7vWjP8fZLb+6PO9xc3bRG\/Ng+UYfNKfxHtINqZQNOu8x5QRLvqLAJ4hzLRaZ6r7HbItoWpnvP\/62eu1MQjzx2z\/H21OkAkv4msHBFj2EdRt3qxAcjiAVI0S0caiFmQ\/Um8VX+zqoA0naPbzPfZ8RIIAyPajUweR65kCNSVbD7M3FFQYonBLX7M7D7rK8Z4xZ4BRgpZo61UoiWfI2JoMpqxmiyW9strhyP6Iawfl7X4wIT3aFGK4GXVChlEcTvp4kDdFKKupPj+mUFrf\/fwQb3z\/ssJZu6uYkQeRxC0TcWPWjSBJrNqwTdaBLN7u0bDJB8JNnTbbtlS6JHJwqRwo2lui8SSf7x1uwdJBGN9YLtkNliDCMnZsvWTDZDTEEnMP8+af43\/m0PFv7LkknCF0bW23hBi\/kq\/DLYSqCGwojOt+DjC1zTPB\/6RTxd7Zh6jlcZckOKxhO6j3OGuEHHpZPa6wylpL4f5LebCT+290I\/0qYBW\/Btp+cJDX1AdPsCBzSyQI6AHguYUp533LMR5\/Irwf4I3s4vPN5fBtHpJCIX+gQ0IT\/JoxDtX2H0duU7+ww\/9mABbPPV3galjNAdM2USLZutUTJKLl\/AYXJQrWC4H7+DH5pNb2nwJW+dsgiJwiAJPI6T3ii2AJf3a9UWmVVFHU16WTJAwpYXiv85xgWrO0p7EIQwwdMROV6HbLzI0OynESCz2w3HlUXD1S6RPB2HMPeAIRCB5871xCeKzQM+zsbs2tg9pSJx6mvHxP8CVWPP6JxjAoztndY8xvDFfLOm7ivP9yw5kNJmnZXFVrReiXsD5TdAHcwtsVCYB5VGp9nB5hKn1OmJC5FaDeCZSZuMVLMDMKEfTZpXCUBtlSIvtpVLGOEyeW4Uq1DzmnT8kYpUtuajDSoayQvBRMN4BZvSERAz1OG2RaMO\/UgJdpc4pRZGQSyhR2R5WdgNEk5F8tJXa0lJKGWdUAWzouCs8PcI2zygcHOePGMihC6oRlhT8+cYrnpLh1FUqXTZeofIIp5TWS0OQvvlrxHfSz5+Q6cBP7MeI7tHFvuTy4kTcsmfH99um2aAlR0J0gwNc8ZC\/JOU3dYnsP2SbbgM53UhEseXyVTbk2uju10iTbMFRcEK7UnFlLDBPnVne36r4M4D99iAYPgeZPB0iYP30a2NMucQUPtWOsny2YHjSiRkZhocAZCMrB8U\/MteZsXAwMLGuzfHEIVMQL7KodoRhWoNLgPzCh+mveG5NvSYnHejLoOB7D6pxEjKuej7IxznoRWhBibOUvfkqcxjqPgBayAGHM0SZGvTOEX0TqVH4MSvCp9z+aZIBqUbKwmTxOsK0Np15EiMLKwfbvtBKHd2HXmGTeSgYKrR1ENQBgQ6OTP9er1CK4pSVvzTogwtJZzREL+XSwz2OSlor46B6socVB8Gj2XOlmgbRnEFkYrTCdT6lEAeO3pxdtBz6iGHI1+dyKOJS24ekQXWOeMhCAnwelOGJ1wHByw1qo0P3N60ny\/8\/L16gKzjzxGoDPdnhAxH48aBhhvms3ZxEe4acgiySTcR\/sovm2MbpRbDDs6e58L+SMCxx0ia8lRBj2P3+RAXXq7VCarDqnoEg7l3\/X7QagurrkDuSBMCdJcEYPc43OlRQr\/4vdGWSrQntUAEuFuRl9c6UsjOk4qH8zFj\/9T76LCvwYycYg0LC64Ua+K+VySPqe6yjdri8gIH+ZUOjcTo\/kSHdCdh5ddhEyH+UbybWeJ8QFELXTxKKtxw2LMh9qQAxYTHjrHUAE514d\/FfnxxDZnS6PR9EbFJ3eFmba2Q9FTpv\/lrxRfbsY9\/SvsWQ5xM6MoFAuXnJ3Y\/vbszDrS6xeYCd1v\/yqLHjY6uAy
vEB37PWqXcLCOfLZNaq3RVmGcGE0ZRaqNMOVo4mjrB8Cr\/3jlKAdlFNRI0oWDmfflCZWslPcn\/4sLRKxprVPPDXeWKxKkkg98E2TOuTERnvBWJfPtoVxQILVUNDXkklTkUXoahHJDnBMLVxkwdbYaWQCqGVY+f+B7hips0gQTUvjr\/XjbB2FtUEEyFP07PXUWZZ1JLmKe543wokyXpVlZabqJFh\/KLS1OjjpYF89dEXQx1GQ3HTTpU3h6bpdWhkP2Ip8hV5h\/3H6ctFJXj39O9wwQTGZzenO05oK2EZ\/COUErXoCnJ91CLotvqV\/bAe3HgS+SwKjSq8Que2kEwyxKKpjyLqqQpz5ta3vEU5CC78flc0tG4eswwV212h3evMFI8WLzKTQu9zX9vL4ZgUj7N5bcFuIlDRyn7GMpBIj0da1gReeJ25rLe0xkavnjptzAFO6UGcd8QBDlmB2HmlTkFyDh67Q6rtxzK4mErsGGQ+vkB7c1\/ce63mMzzFQ\/2eDGq6hP+SeUBuWh7JUSZov3MSTS2z0yWGsBIK8WKpdVZps8s+A\/HxWGGNB5EdPHoi1gHlLuaMizw+36AlVu7CpKd7cRM73X85P3y5Rp\/dwLNU9I6NBTUQZC\/qUBfeFo+Ki9OHJ\/aRz5wrmSMzud1X9apFgyAg4hOVCfBbwE"} -02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731961797,"flow_dst_last_pkt_time":1656652731903862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41208,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731961797,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20837.6,"max":150485,"stddev":35657.5,"var":1271454592.0,"ent":3.6,"data": [7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094]},"pktlen": {"min":80,"avg":1348.5,"max":2628,"stddev":1007.2,"var":1014474.8,"ent":4.5,"data": [2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628]},"bins": 
{"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0],"entropies": [7.935860634,7.912645817,7.844571114,7.831790447,7.918263912,7.928714752,5.522979259,5.447978497,7.859277725,7.870418549,7.933502197,5.497979641,7.862855911,7.853259087,7.847196579,7.913461208,5.472979069,5.319669724,5.429106236,5.429106236,7.836807251,5.479106426,7.821085453,7.859042645,7.931487560,5.538542747,5.538542747,7.931249619,7.868795395,7.859850407,7.922960758,7.932232857]},"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778161151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778161151,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778161151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778161151,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPJe\/QAA\/BhQYCoQAF0ExRBmU6MOFszN1DQAAAACgAv\/\/UcYAAAIEBVAEAggKA1bisgAAAAABAwMI"} -00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778372319,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"} -00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1656652778421535,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778421535,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANJfAQAA\/BhQfCoQAF0ExRBmU6MOFszN1Dr8TpwSAEAFXcrgAAAEBCAoDVuLwJt9+2g=="} 
-01250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652778421539,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOZfBQAA\/BhIZCoQAF0ExRBmU6MOFszN1Dr8TpwSAGAFXVWEAAAEBCAoDVuLyJt9+2hYDAQIAAQAB\/AMDr1TvmxMyvNf+q717HlpuVMH9\/2gtPNvQ62Ai\/wsFQ4Egfoq8jeo6ii7AK7CjRsR0vzcKrDa5VfBts3k4lPGsvG8AIJqaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk8rKAAAAFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZ3vWq9kYKj\/3HkFLmmuM0Bc2kp7XBZSKjegj2paQwPPt0ERZnWpYSLR+I7K4AUK9Y2TaBWgf+V91OWtns7JMLmSahqNo2fkYDjSGf\/yU2ej1t1mOtjzmMMwNNMp0AhdbJ5wAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAg+punvdb2lxSVGdI6QjnaO96xqz7MDZUMuBufWP7ID30ALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACCgoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgHP+C37PmGfwkkqH3YtMvFo8GlUohGpFAmkcmxiOcfaY="} 
-01571{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778421539,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778641891,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANDC5QAA3BoMmQTFEGQqEABfDhZTovxOnBLMzdxOAEAA1cMUAAAEBCAom33\/oA1bi8g=="} -01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652778641896,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":1}}} -02504{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652779042511,"flow_dst_last_pkt_time":1656652779222772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":5006,"flow_dst_tot_l4_payload_len":4491,"midstream":0,"thread_ts_usec":1656652779222772,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62676.8,"max":270784,"stddev":99488.0,"var":9897854976.0,"ent":3.4,"data": [211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4]},"pktlen": {"min":52,"avg":349.3,"max":1400,"stddev":449.6,"var":202163.0,"ent":4.0,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]},"bins": {"c_to_s": [7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1],"entropies": 
[4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831434184,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831434184,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPDStQAA\/BncqCoQAF0ExRBmVCMOFn9EiagAAAACgAv\/\/g5YAAAIEBVAEAggKA1cWxwAAAAABAwMI"} -00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831643678,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZUIPEwzlZ\/RImugEnEgLEwAAAIEBYwEAggKJuBPGgNXFscBAwMJ"} -00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1656652831673898,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831673898,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANDSuQAA\/BncxCoQAF0ExRBmVCMOFn9EiazxMM5aAEAFXyn8AAAEBCAoDVxcDJuBPGg=="} 
-01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652831673908,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOTSvQAA\/BnUrCoQAF0ExRBmVCMOFn9EiazxMM5aAGAFXu7MAAAEBCAoDVxcEJuBPGhYDAQIAAQAB\/AMDO7Zo\/JbRTk369S4SCoIhOmdg2TC3hkHYNT7vL9EGoF4gmvMu5lvj5xNX7exy1AfIdKk6v5iYOkqNu7hLh1Y7e9QAIFpaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk1paAAAAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZA+EuMf2lqc1yOKhVFtOQQEzV7TIAzUr4SQaoe3tyBYupujSwQJJFCyCF65TcO0wfF4l8YlF7mJ8mCVWiyJnQVyFOQ5cPFn287fUzN2Zjut\/czCT8Xb6ucpXDdeIzkMQwPQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAghi1p4yRBK379yGiurG3H4Jj+BGfDg24Eyg2DXh39FV0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACGhoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgJjoaetj0dIRwl01FzpE8h7C\/sNwfh2G7XMxsxF6YNAA="} 
-01571{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831673908,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831894729,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANPHLQAA3BsITQTFEGQqEABfDhZUIPEwzlp\/RJHCAEAA1yI0AAAEBCAom4FAoA1cXBA=="} -01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":1}}} -02491{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832235258,"flow_dst_last_pkt_time":1656652832454997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":4808,"flow_dst_tot_l4_payload_len":5851,"midstream":0,"thread_ts_usec":1656652832454997,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":58770.5,"max":269120,"stddev":100848.2,"var":10170350592.0,"ent":3.1,"data": [209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3]},"pktlen": {"min":52,"avg":385.6,"max":1400,"stddev":479.7,"var":230117.0,"ent":4.1,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]},"bins": {"c_to_s": [7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": 
[4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +04058{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609846,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmg
nE4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHN
u3xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+04053{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656652731609853,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609853,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7vQAA3BtrfQTFEGQqEABfDhZQKC2ONCUpUkTKAEAFmmhsAAAEBCAom3sgHA1a0\/YkZzIRfJcoGEDhjun+5RWZFRHORheFaka9qWEEqwSnKRQ8+fGAhhFa7EN5cpLsXBaX2yHZz8DtP4L0FIaDBHwFd5rA4GP5cmI7bfwLgg4FVeGP7SjUTC6qb+HQHzgd9GKJejKikQgtNuMoyW+WltSykS7MMuwC9XmFm880JdkonHY1odOp0bZesqC0Ef58K3CfEAwAV1rHerMtEb3ZHcVOr9dSu4VHvVdRPp+8WfCOtT114DN9xODhN5xizXNsKGb1Vqn77M3rN9osNOzf3tytH8Pevd1aIgf3Sm6YXA7VR5D7dvmhs0FN4QC+LDtkE\/6thA0uo\/lnZqMEIHcwUsGe918WbIwSGOk2MJbaAbJZUODyOfxe+T03WsJGCGLuDQ0m7AsMClrqgh8OHbm5U9HMCsMr4h4pvEhR0z2I+R7A\/GAWfQ1Lv84asTQ\/KcjVoTGNO\/qR9qnBDPz02vpUg0t1qIn5OZjHUJc1XlP7bcvV\/wKw3OfG2mX63GGvc7i7QZES09OVvvvQOx27EiD1xANcAMElPBG4AZ\/1ImDDO55WnYWPfINUR0Htt3CDZHS99b7xjoML0TE0baQJ3Jm38p3DdfsEGrsmIokmWO1TpdGRxB4MJLY3wn7Tw4tqDNqBMVruqsIN3XOP1je5K4jtfip7MN5mhXqQwq26JbXu4RN0QZgBwifB\/DFQoswvG8No+jWGMXSh9v0kJl9fw8bhx9lZpA3tQmLgRL3sOqJAHaqHBZRkJhuHh+Rjm\/6hTfFQ00ehtauLThf9ezdb2uY49gvz2DGebsNmTjFsOx+X4R9hsdpnezkh4aEpX5uL1bXi1H6uS64VjoFNEDHQpZ+3uZrYCmJilgBV0bv0nVghQl4kU33Pf7GIoPZuXhIQfS9VrHsdHbZpH1PU8M\/9PRmRmYlmeapu7XEZp4CzDGYPDSedJ8vQLqPyHzVwGcjHckBVdpjNiPAG5UPQoZ3wCl\/PxEywufemrmfmR\/5AqOpW8\/Wur6zMxw5YPRRe\/bygJ0G9Yqw0LVPvEBxGwFY9uVVI6IGaHAasiMKQLbkze7bdXM6QNfYFDnbbaxoOEV8QDh7YIhuz4gfbAW6eyQbJT2jQKjEHkd0tMaupNho4gKsMUwsj4nZlzTYJVJpDMcLimISegAqBKQ4i8foUUKiadz6eosf+e\/Jex37VfE+krt3zlcpISr8HTnFM1USFF0+9ct3a5KjyNHIWXBbdEjluidEueiRiWyxf4cTH4FbCD2xO9GNRkq9QZppurtJaFbRjXCrw9UUutzbcN9EQ4Cq+gKBSyYXwmUbkSGOLO9rE323nvwyvDcYVdrUsP+BGDklMzvNUHuJnRFouZ1R0WCXxlJrCNrMkgI+iuTt0BJzGXzfEkqc7fmNoiossOF4BZK08wWnsMWJPMsI5
Aw3iU49xeiNCj74DW2jR92gY79iEsFrre1ny3NbSwl8EGB091wIYQyL7Ho3Xf3P3gT7nJkJZVIupHy1AL3OnXFLu0aQ9jZogZz0sFxzcPAzim0\/TD+aEJKEn3h1ZCM0dvkLQLeFEGKVhxypzfJLDO0hydYwloEETx3qJaVHzqs8Wq+SgnnsMzDPiMy\/H9mXbpWFOmZUY8c+RgPNNwEPY9sWGgREkghLZgVI4BmbR+1He8AIC\/Jqb6\/fZGK9Su8InqtBz4VDwmCvVjB5VmwRYgEff9Co9KEAKioF+rxsp7jx4CUT\/dUpBgwtPw1AAqwXhQ\/uIBWqnOLtB+sJapVDGqCd6YbeW67lUJtDoMU8VaKm8fednX12fDvla7u1M+CXOyIf\/4rq46zKsHemwKXMSG27KxCoqvfpu2RFyDoNiwIkywHe+mu0KXU6r0uKXXuXHjcqE1XT+Ol42P4hE1aTwsVJT\/aLRIVQDwKL6IhfLinh4zf9x0O\/I\/C1GeMvABe16jJTVzGkcz49endJCMetsRgtWR7oSOwEn5bVIocg8jZsCjdrwEvd6kjZWMsRgHhtbLq+aU27mgxUfacXWiiGTsT33DZFYnj2Gbfgh1MUmZNuxbwGQK74YsSlD8+37pnUDCdBxPu+Gf64VQKHxJ9RtZ7tBvjcOGhEiQQM2Bqm9+kC5dGL6whXOTdBD0aHE3e3jNhysBJXeznMxXLuH5BpQBNhY+pGCD36HH\/gl2POk5EvjD5emciTPfEvMoX\/pO1twUedLTeXtt4V8bNumuTzdRWus9vZCGnaJKWYY+IluLtxDKaBHhULnRKPZr7a3fqY4eZZWnvSv+6SyQfi\/guF4IkYLhqf3LM1QbKUpuoYVTCXDg\/iejAGelMIOMZk\/34eSGVjsk9H4ZDrbf+Wviyu10e\/3LGX4vZqXdNId0qCEAQQsb5bj67rIpqEUfO1gjj68uRkOWA5pTXz1Cw5OGMJDODQJgEJUgUxpgbiqUn1yGaEKOOaiaN2Vv5\/u+w6mqQni+gBiA0+4K0zEMbn8XRxSib6SxlyLQVFPK3+8NFm9X2am1AtSH1\/PoCM1+A0L4I8UddMiaV4KJVbD4gIsbkZTEL2rNpB7+3TEPLkz\/oWqgDlYpiSJoug71nGWFcD+HEERUlO5Z93B7c4XWme9gT2XSraJ9EGS47MTy8E5gSuzHgT06aAD1VDe0EzdVIhzO6QfLKRVyqK\/DkDAcF1dU\/CysJQuLXO26HE1qiZstmUL\/PmaIF1CAre3aq1TiBtKi47RcAusmfTZViQ5pBnP52RilqIkeFHO7qJ+Xe7UbBid1eckGMDShESIKSMkg323ewkUsCQrdbbCQCNxMP\/vovWIiozrHVfadoXMR1+s3vDeGvdijxN0cQlXKhRXEHz1q9AFZPP6OvHtyaigQOx7Av7+CCavPWtRnhVyR2jLsjvU\/P8W5IFa8Qs0a8CJRQpkCWniRyCA3gsdHuiU5LPzN9N6ilFVKYWl8zCdx1E0DuWVnebVHPp\/mSPBcwJb6Kn0mZE5F6Slv4ios+F0zFBa\/+ONDhj8YI3D0pzybuWoGGURZpxxZvXyeMYFUqAzWQpmxOYCpDyYaRzpVXybXDJxWUfNGwmd6Ve5t6JHTxK332fJRagMHTraU5uEpzRuAnBCqVX\/orlzGUbI38lDmfktCRZhIZ0TA4WOuMezAS\/U5UeZ\/Ky36Btzeqc\/GtSNTwfx5pintfeIcHnEiV69AT2a7sR3PISNs\/w0efL492At330L6CabtPqbX+3L9tP+74e7pNSOxbl7oi\/mRnKkb9k8n2BH6yIJJt5VxxH74+2OAUxERThSHVZlYSiPBPktL4R30L859p0z2Uz6qmrKoN1is1fQXX8xGHOr7PkuLtDJqwFDVFJJ9YkA7Dx2pq++TaR\/9pl4AeqnylRZtWT3EJRF\/MYY3nnisHit78gzVET6d1BuDKtwoA
yw4mKyfoqWDMp6JOacbgYmXKL3bRC0doX8dbGOchwnFREadeVLCi\/Q5"} +02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656652731631188,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_usec":1656652731631188,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7xQAA3Bt\/lQTFEGQqEABfDhZQKC2OXGUpUkTKAEAFmw0YAAAEBCAom3sgTA1a0\/SxS3iaqHGBX0a8rgr8EFwZv7fbGR3LsZjVMCYTlteWImHMg7dpDQx6QAkVSKrBDRWsAgkFKUO9XRHQzEdcVJv+Jk6+iQYy27OR2Ruv0q0NyJCK8q8neLYQxD7xGx95YziHhCPmx+v2VJKWqXvo5pekBzrhigp\/0TmX3aYQplVTgwksBVP1wSVYSvnxpw4x3MGHY6EK1PhkChr6I2QaCOOskNMVQXjje52Gr0TD6cnIJniT0zvgTXSdGXH4d1pNmH6VI38eKJmR97TCaHW4VbObiULCNV965z+H0nCojIGmrzSNlYRkWatbld8Zbak+Ve9Ye2qFSUfesBybrU8MPKChWDS4szas\/0\/+O+hp7fTEBfmCOnTwpeZ+9ckDlu30IjD3klrlcZcGx59JJ23VaL3mRHXN2m7OYXYqgEUyKkpkk87MSdGKaT3iv+xeB8fdAD0S5iESPxvCatNGVxlnPWQC6LE2Mwk\/UPzo8wmxmWU\/4g2SzkG6fIhc2KfKoBTSS\/18XObBYhTCKn8tmchtQQnCFEhJwUqNPVQHAM7VWv97\/MrpK1Gg3ow57h3u6bsT3zD+7JqhTzfzSb+JLf+gPPuPmKrDBND362h9HtUe4u54hmK0emiAYbKHemgqk5ObUECg98wBR8GbmhEjkgqd5l9MpJjXEnZd7YjYb9HqCPVuTVofELhtwiquLU41YKvkqj9qHY3i83C4I5rsGWBIQz9jCnG\/LAO0gc+K5MhM0jD8w9afyXqZxxIWbvFCzYdvaAxFsd+dbs6QyAzMjBlRwZZJGoKCRudoGu78iGcHZ9v4JjFh8PqFI5RKE50MXupgqZhn5s+mncV4ED4BR62InyQMO+2lSV8XApXho3jZD2BZYaHL8BxzViM2AnSYU40nV5P\/9Zcawh1bVQjVPNsaeHWxMJc5P+uhgQ7yN5cDddbbbFops91CwGboz\/Y\/iUMqNL+Au752094lP9CLdBHTtF0nwGndsTr7PXV2am5lVFY+07I13Rnwh96VlnzAEErq6QUJMFpXVjoILKF75mfhkzufc5ww1btEyyIToFedBu8inrM2nSfVR4GSH1acVyxGJN\/xPMqMoz7qX11hSlDnDNA70XCXcPknSvGQJeC42YvRZuyBXR4bSZJpW3uxAIMisVpx8HuvqUlRDvWeTkl\/KlLkLPqVG6A7V9IJ4CzPp2LGxX0mxIii\/hq8qrdBvVjXBSMG2kFGd1Gk2CYKUDdUedzWwHbeA+x19\/Z8W9DscgX5Ingwo9qBoCIrSYVEyo5A+Bu6P2A6MYai8bIL3N1ixp0uHekzl1S5Y5ONHOtGVOFVnwRx49hvB6HPO9wc0rIJSIsq9YnBJNWg
IZNFkCjlBnZHso+vfBKU6hgL+4B1v8gJk8\/+OinGcG00MXqyjoV0hIPvX8fcu6dH9TclFMmJS42m7WMCCPvMCk17qoAwiC5hrfwamrAiYI\/PEcMUUmJwNoLE7aKVZ7926CN5wXkVGlgQDYNSoxPqXoHqtbU6arZQtfgfxuD27lKKUbZm7keaLAlr7T5d0Wedi07GEwl0yp+Np4OWX5kU2Sgn3juSmnKnaCzCcLk2W4PsHrD6xcXA4Ni176mRo2kV4lUcSZ9ReNwImdlBbdKoXwKkzjV8Aa0hRPMOK2kTBCfB1GhE91TGa9BbzjtvK4JbGfzJcCXKDHd6qGUGMR+lTKBl2gIfVx9fr7SRFiR3Ky\/s="} +02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656652731631193,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_usec":1656652731631193,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7yQAA3Bt\/kQTFEGQqEABfDhZQKC2OcIUpUkTKAEAFmX14AAAEBCAom3sgTA1a0\/YnJx2iSuJ79A02iSpm6FwMDCxojqe3RWxYZ0M08ncnevlyLwEs736KI5r443nS22drmsh9uGhCZYkCFNBlUDFM\/fcySdr4s04uEoVmjB1uKTTY5O1iq2DJoI5MGxLgLg8QvJV6fvfCXZ6RnE4dDQiIKlGpZ6tXLF6Mz+ey\/8dFY2AT1rsNyhV+X0bV\/EOXEuIwmAFV1LryIayjOcu6vLr7ov6Mptz6sehsvUf5DGP17QZBXoW2mi\/Kcl3ShTTgwt9v\/wM1dq026xCaiPEQl60C4quZOkJ+JAEi4BqJdDXhLEMXqJxBfKJs5wqxk1jmzEo7g9L+32hLAaYbpfxct1aR8nxcnCyaOzryfCuVzZ\/wGfnagHAmXgL4EmFl0R0+fRYVNXcrs0FGzEHS3Gk7zsqtb4Z2n4PGcRW1qCVKOtuumWY1iFJNH0csOYTuNxKkkNDZPfQ+Dp3yZfVfSiwb4BGn9l38WHTE0YOKlq1yVGDmCUy6gdd79RDopbwFnPZttlJCCzCPkktS3t3KOcaB\/eGasChjxz6icscSxGydetqvpb9enMDnWVxeWK\/JCTdy8ohXEnSXaAwZsXmkENcBdlUD560QPkDd6GTg47Kv0CNmHztYt8zkV+f9NOu7APKLg1ObmOJR2+A2+qK6FW1J\/JJPfioNzfAxr6DHekohSKeWD4T0PLKXUfSS2apMfcJyrCJ5lNA5OlvLsSfELfXZTV+ju+lOmGbEvLY5mRqnxr8\/fdAo0dA5iy4drivybc673PvIX\/r8hnM1Nl9GSSvym27i7rvNxu11SD\/mRMC1Z+17RC2YYrQW86TdaxQblxFyg6fGcVWbUOmeZ9wQOI5lRENBqEZHZtMT66TOxeZfykesqzsO0m0aAFOMWVbPCc53IVy\/WEu9zjBOUlzUmrOZqroVoY4QWCJ1vKJHdxg6IGvfkOoaj+B9n5GvLx2d7kHqcgiXh31YiwZ6MMcdISC7STJZdKc9pp5fJ8Q+owXSpNzIWJpmj5k1t8G1hIMxmaAX74prYtUhMYtegD1jYHIOnC
bSViIcR\/tQerx7JPyuG0GS8vjL\/gHMHK+EvglsbofCYvAEgYmCXTlmBRDffF0cA+FbdCZ9oITQ1ZOOgsrYmUuIBXFiI+KPAz1qkcTxZNfaPCBsrX5sIrkCNfTH29spcli4OKwsecg4F4Rf2EL+s0Ltyw2fW9zkDqHTXQLkeEQHrAPBAEsS7aCjmzp5TCXxZ3sh9FD26dfGZa0TmfegYQISUY+DD5qKYuZaEEGrRiuUknuKlxlNRFcGW5rxprJGAkmaBPtwTx0D16KblFvLs9qbs+W7dQ8CTNVCcuF\/CXAjiOU632\/5kKG2HF91WV2BZBqo71sue9l6UwdBzuHsJRchZ6Rr5NbETjZFdK0\/CCz4O8HbrNKjxsS0avnTcXWzgtgdt1FCQyw468K9zDoc2QMIKDrH3xcLN0odxSnOLty2f60LfsaPIxHTBsZEbkhbi1UbTwakfW6B93kvu7TM5t1+BgyGSUhH8O8ots9utFuXZxSzTU2SZEs\/EKJfcEzsf1XSRHfi3ne6hUntHe8NEEq+7cf0jSFSjLgp+1rpKOprJ2ErAhGrpJdBfKE1QquvVkdKe0NhdODLVkr6rSzTrgHF+6oXDXQoG9AX9qDGiPkI2Y1d3VEugsFLTl+7dCaK3p5RGcdyuy\/Qxh2ojlwRUVEarvKE0Ew0wQDE="} +04058{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656652731642162,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731642162,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7zQAA3BtrbQTFEGQqEABfDhZQKC2OhKUpUkTKAEAFmmhsAAAEBCAom3sgeA1a0\/eWOf\/UcqY2pj9uZK5RSGVXyvSf2ep2S+G3D3q4XopyKxPPraArtz1Rp80zJI+28ip08auJye\/jLk6lPk6rRFeTHNUnPjJ8ITJAbUoqJK47NV5lyVbZ6dHSXdjkqwkhw2BUPefSlTo+HmX46hK+vcWkaUqsMVA1o7r8KqpggrRoTB5FhJHQdKkS9irjiNc3\/6fIH5f0Rxm8bhymnjMLxFa5x+Yl9v5TcoLBkF+9Un4KjCfveTm2xqrEeXhmH9o6dDxxf2aIGsGv\/YsfhfAWdO5VNlMgKzj9AiGo4+tXvDV2r6lJHZ1laOGAY0mvhjU3N7wfId1JxMn+2L1caesF\/QesG5i17Yd1LBua1ekfQ0mbQpA0g366xu0wKV0sGWLyi1qFvA9GzXXvIZqD5sX\/4\/ZY\/Qgojia5EwF\/1EavMAGb2V87XcT5xsVuz17wYlggG3ywy7TXcajZwZCnvTh2p2qB1C+pyeXNtMKc3jT0I+t7PwMQz63FqHTQlEE7MorLW80z8\/MKMk+HHGEAuSgKEJN5E5E1XgwbB3a9adQVTf+xCigVf23Wa4hgEbJnt9jJ4Z50YZaaUypYXvVk4nELoERaU8PbKZCQzg5N+L6cZXnCcd8Kp7ajvAC8zcEXYzqxrOLERJuZYBX1L3oHJ7gy6CAx7UGC0g8nwBCxXkWOzBGwEcAA9C93Kd4Xt+oa9fZbNdkWZNGaGQ6zf9ko4+CRzlyKcgoGYPZz
hJGLumbvYkAF9NxCBSelnWUJLOGZLJRLcVa6leOLvRo+VFCoNKhCEde0CycqdXnLqBaPt+XPC+g8QLG04\/cmTYd6wQ14gHAq9YRXpJg+SC1WLVzVCerv7pmWO7eJZ5eK83BfywTV6zyaVABorTZdssEn4fWQA7vWjP8fZLb+6PO9xc3bRG\/Ng+UYfNKfxHtINqZQNOu8x5QRLvqLAJ4hzLRaZ6r7HbItoWpnvP\/62eu1MQjzx2z\/H21OkAkv4msHBFj2EdRt3qxAcjiAVI0S0caiFmQ\/Um8VX+zqoA0naPbzPfZ8RIIAyPajUweR65kCNSVbD7M3FFQYonBLX7M7D7rK8Z4xZ4BRgpZo61UoiWfI2JoMpqxmiyW9strhyP6Iawfl7X4wIT3aFGK4GXVChlEcTvp4kDdFKKupPj+mUFrf\/fwQb3z\/ssJZu6uYkQeRxC0TcWPWjSBJrNqwTdaBLN7u0bDJB8JNnTbbtlS6JHJwqRwo2lui8SSf7x1uwdJBGN9YLtkNliDCMnZsvWTDZDTEEnMP8+af43\/m0PFv7LkknCF0bW23hBi\/kq\/DLYSqCGwojOt+DjC1zTPB\/6RTxd7Zh6jlcZckOKxhO6j3OGuEHHpZPa6wylpL4f5LebCT+290I\/0qYBW\/Btp+cJDX1AdPsCBzSyQI6AHguYUp533LMR5\/Irwf4I3s4vPN5fBtHpJCIX+gQ0IT\/JoxDtX2H0duU7+ww\/9mABbPPV3galjNAdM2USLZutUTJKLl\/AYXJQrWC4H7+DH5pNb2nwJW+dsgiJwiAJPI6T3ii2AJf3a9UWmVVFHU16WTJAwpYXiv85xgWrO0p7EIQwwdMROV6HbLzI0OynESCz2w3HlUXD1S6RPB2HMPeAIRCB5871xCeKzQM+zsbs2tg9pSJx6mvHxP8CVWPP6JxjAoztndY8xvDFfLOm7ivP9yw5kNJmnZXFVrReiXsD5TdAHcwtsVCYB5VGp9nB5hKn1OmJC5FaDeCZSZuMVLMDMKEfTZpXCUBtlSIvtpVLGOEyeW4Uq1DzmnT8kYpUtuajDSoayQvBRMN4BZvSERAz1OG2RaMO\/UgJdpc4pRZGQSyhR2R5WdgNEk5F8tJXa0lJKGWdUAWzouCs8PcI2zygcHOePGMihC6oRlhT8+cYrnpLh1FUqXTZeofIIp5TWS0OQvvlrxHfSz5+Q6cBP7MeI7tHFvuTy4kTcsmfH99um2aAlR0J0gwNc8ZC\/JOU3dYnsP2SbbgM53UhEseXyVTbk2uju10iTbMFRcEK7UnFlLDBPnVne36r4M4D99iAYPgeZPB0iYP30a2NMucQUPtWOsny2YHjSiRkZhocAZCMrB8U\/MteZsXAwMLGuzfHEIVMQL7KodoRhWoNLgPzCh+mveG5NvSYnHejLoOB7D6pxEjKuej7IxznoRWhBibOUvfkqcxjqPgBayAGHM0SZGvTOEX0TqVH4MSvCp9z+aZIBqUbKwmTxOsK0Np15EiMLKwfbvtBKHd2HXmGTeSgYKrR1ENQBgQ6OTP9er1CK4pSVvzTogwtJZzREL+XSwz2OSlor46B6socVB8Gj2XOlmgbRnEFkYrTCdT6lEAeO3pxdtBz6iGHI1+dyKOJS24ekQXWOeMhCAnwelOGJ1wHByw1qo0P3N60ny\/8\/L16gKzjzxGoDPdnhAxH48aBhhvms3ZxEe4acgiySTcR\/sovm2MbpRbDDs6e58L+SMCxx0ia8lRBj2P3+RAXXq7VCarDqnoEg7l3\/X7QagurrkDuSBMCdJcEYPc43OlRQr\/4vdGWSrQntUAEuFuRl9c6UsjOk4qH8zFj\/9T76LCvwYycYg0LC64Ua+K+VySPqe6yjdri8gIH+ZUOjcTo\/kSHdCdh5ddhEyH+UbybWeJ8QFELXTxKKtxw2LMh9qQAxYTHjrHUAE514d\/FfnxxDZnS6PR9EbFJ3eFmba2Q9FTpv\/lrx
RfbsY9\/SvsWQ5xM6MoFAuXnJ3Y\/vbszDrS6xeYCd1v\/yqLHjY6uAyvEB37PWqXcLCOfLZNaq3RVmGcGE0ZRaqNMOVo4mjrB8Cr\/3jlKAdlFNRI0oWDmfflCZWslPcn\/4sLRKxprVPPDXeWKxKkkg98E2TOuTERnvBWJfPtoVxQILVUNDXkklTkUXoahHJDnBMLVxkwdbYaWQCqGVY+f+B7hips0gQTUvjr\/XjbB2FtUEEyFP07PXUWZZ1JLmKe543wokyXpVlZabqJFh\/KLS1OjjpYF89dEXQx1GQ3HTTpU3h6bpdWhkP2Ip8hV5h\/3H6ctFJXj39O9wwQTGZzenO05oK2EZ\/COUErXoCnJ91CLotvqV\/bAe3HgS+SwKjSq8Que2kEwyxKKpjyLqqQpz5ta3vEU5CC78flc0tG4eswwV212h3evMFI8WLzKTQu9zX9vL4ZgUj7N5bcFuIlDRyn7GMpBIj0da1gReeJ25rLe0xkavnjptzAFO6UGcd8QBDlmB2HmlTkFyDh67Q6rtxzK4mErsGGQ+vkB7c1\/ce63mMzzFQ\/2eDGq6hP+SeUBuWh7JUSZov3MSTS2z0yWGsBIK8WKpdVZps8s+A\/HxWGGNB5EdPHoi1gHlLuaMizw+36AlVu7CpKd7cRM73X85P3y5Rp\/dwLNU9I6NBTUQZC\/qUBfeFo+Ki9OHJ\/aRz5wrmSMzud1X9apFgyAg4hOVCfBbwE"} +02196{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731961797,"flow_dst_last_pkt_time":1656652731903862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41208,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731961797,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20837.6,"max":150485,"stddev":35657.5,"var":1271454592.0,"ent":3.6,"data": [7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094]},"pktlen": {"min":80,"avg":1348.5,"max":2628,"stddev":1007.2,"var":1014474.8,"ent":4.5,"data": 
[2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0],"entropies": [7.935860634,7.912645817,7.844571114,7.831790447,7.918263912,7.928714752,5.522979259,5.447978497,7.859277725,7.870418549,7.933502197,5.497979641,7.862855911,7.853259087,7.847196579,7.913461208,5.472979069,5.319669724,5.429106236,5.429106236,7.836807251,5.479106426,7.821085453,7.859042645,7.931487560,5.538542747,5.538542747,7.931249619,7.868795395,7.859850407,7.922960758,7.932232857]},"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778161151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778161151,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778161151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778161151,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPJe\/QAA\/BhQYCoQAF0ExRBmU6MOFszN1DQAAAACgAv\/\/UcYAAAIEBVAEAggKA1bisgAAAAABAwMI"} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778372319,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1656652778421535,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778421535,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANJfAQAA\/BhQfCoQAF0ExRBmU6MOFszN1Dr8TpwSAEAFXcrgAAAEBCAoDVuLwJt9+2g=="} 
+01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652778421539,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOZfBQAA\/BhIZCoQAF0ExRBmU6MOFszN1Dr8TpwSAGAFXVWEAAAEBCAoDVuLyJt9+2hYDAQIAAQAB\/AMDr1TvmxMyvNf+q717HlpuVMH9\/2gtPNvQ62Ai\/wsFQ4Egfoq8jeo6ii7AK7CjRsR0vzcKrDa5VfBts3k4lPGsvG8AIJqaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk8rKAAAAFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZ3vWq9kYKj\/3HkFLmmuM0Bc2kp7XBZSKjegj2paQwPPt0ERZnWpYSLR+I7K4AUK9Y2TaBWgf+V91OWtns7JMLmSahqNo2fkYDjSGf\/yU2ej1t1mOtjzmMMwNNMp0AhdbJ5wAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAg+punvdb2lxSVGdI6QjnaO96xqz7MDZUMuBufWP7ID30ALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACCgoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgHP+C37PmGfwkkqH3YtMvFo8GlUohGpFAmkcmxiOcfaY="} 
+01585{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778421539,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778641891,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANDC5QAA3BoMmQTFEGQqEABfDhZTovxOnBLMzdxOAEAA1cMUAAAEBCAom33\/oA1bi8g=="} +01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652778641896,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":1}}} +02518{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652779042511,"flow_dst_last_pkt_time":1656652779222772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":5006,"flow_dst_tot_l4_payload_len":4491,"midstream":0,"thread_ts_usec":1656652779222772,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62676.8,"max":270784,"stddev":99488.0,"var":9897854976.0,"ent":3.4,"data": [211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4]},"pktlen": {"min":52,"avg":349.3,"max":1400,"stddev":449.6,"var":202163.0,"ent":4.0,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]},"bins": {"c_to_s": [7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1],"entropies": 
[4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831434184,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831434184,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPDStQAA\/BncqCoQAF0ExRBmVCMOFn9EiagAAAACgAv\/\/g5YAAAIEBVAEAggKA1cWxwAAAAABAwMI"} +00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831643678,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZUIPEwzlZ\/RImugEnEgLEwAAAIEBYwEAggKJuBPGgNXFscBAwMJ"} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1656652831673898,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831673898,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANDSuQAA\/BncxCoQAF0ExRBmVCMOFn9EiazxMM5aAEAFXyn8AAAEBCAoDVxcDJuBPGg=="} 
+01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652831673908,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOTSvQAA\/BnUrCoQAF0ExRBmVCMOFn9EiazxMM5aAGAFXu7MAAAEBCAoDVxcEJuBPGhYDAQIAAQAB\/AMDO7Zo\/JbRTk369S4SCoIhOmdg2TC3hkHYNT7vL9EGoF4gmvMu5lvj5xNX7exy1AfIdKk6v5iYOkqNu7hLh1Y7e9QAIFpaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk1paAAAAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZA+EuMf2lqc1yOKhVFtOQQEzV7TIAzUr4SQaoe3tyBYupujSwQJJFCyCF65TcO0wfF4l8YlF7mJ8mCVWiyJnQVyFOQ5cPFn287fUzN2Zjut\/czCT8Xb6ucpXDdeIzkMQwPQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAghi1p4yRBK379yGiurG3H4Jj+BGfDg24Eyg2DXh39FV0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACGhoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgJjoaetj0dIRwl01FzpE8h7C\/sNwfh2G7XMxsxF6YNAA="} 
+01585{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831673908,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831894729,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANPHLQAA3BsITQTFEGQqEABfDhZUIPEwzlp\/RJHCAEAA1yI0AAAEBCAom4FAoA1cXBA=="} +01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":1}}} +02505{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832235258,"flow_dst_last_pkt_time":1656652832454997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":4808,"flow_dst_tot_l4_payload_len":5851,"midstream":0,"thread_ts_usec":1656652832454997,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":58770.5,"max":269120,"stddev":100848.2,"var":10170350592.0,"ent":3.1,"data": [209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3]},"pktlen": {"min":52,"avg":385.6,"max":1400,"stddev":479.7,"var":230117.0,"ent":4.1,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]},"bins": {"c_to_s": [7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": 
[4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00803{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":333,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 333/333 @@ -42,6 +42,6 @@ ~~ total memory freed........: 6680923 bytes ~~ total allocations/frees...: 114393/114393 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 558 chars -~~ json message max len.......: 4049 chars -~~ json message avg len.......: 2303 chars +~~ json message min len.......: 570 chars +~~ json message max len.......: 4063 chars +~~ json message avg len.......: 2315 chars diff --git a/test/results/default/vrrp3.pcapng.out b/test/results/default/vrrp3.pcapng.out index e5d304fc1..f2f418086 100644 --- a/test/results/default/vrrp3.pcapng.out +++ b/test/results/default/vrrp3.pcapng.out 
@@ -1,17 +1,17 @@ 00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00787{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} 
-00731{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606456815,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="} 
-00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00731{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370606915904,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606915904,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606915904,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606915904,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} -00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370606915904,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606915904,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1589370616409609,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370616409609,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1589370625308258,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370625308258,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1589370634045777,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370634045777,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589370643139440,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370643139440,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} -00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370680701452,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} 
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606456815,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="} +00893{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370606915904,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606915904,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606915904,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606915904,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 
+00893{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370606915904,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606915904,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1589370616409609,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370616409609,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1589370625308258,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370625308258,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1589370634045777,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370634045777,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589370643139440,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370643139440,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 
+00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370680701452,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00795{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 @@ -26,5 +26,5 @@ ~~ total allocations/frees...: 114039/114039 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars -~~ json message max len.......: 926 chars -~~ json message avg len.......: 744 chars +~~ json message max len.......: 939 chars +~~ json message avg len.......: 750 chars diff --git a/test/results/default/vxlan.pcap.out b/test/results/default/vxlan.pcap.out index 72362fb03..6d485b3d5 100644 --- a/test/results/default/vxlan.pcap.out +++ b/test/results/default/vxlan.pcap.out 
@@ -1,65 +1,65 @@ 00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00785{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} 
-00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645225,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 
-00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442645316,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645316,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbANAAABAEcnnwKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbFAAEAR1uQKChQECAgICK2VADUAJoy+G88BAAABAAAAAAAACGZhY2Vib29rA2NvbQAAHAAB"} 
-00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442682647,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442682647,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442682647,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_usec":1639650442682647,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAfK8cAABAER37wKgWBcCoFgSrWhK1AGit0wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABK7zAAAHgRJVUICAgICgoUBAA1rZUANljckMaBgAABAAEAAAAACGZhY2Vib29rA2NvbQAAAQABwAwAAQABAAAAPQAEnfDgIw=="} 
-00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442682647,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442682647,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442711366,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":154,"pkt_l4_len":116,"thread_ts_usec":1639650442711366,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAiK8kAABAER3nwKgWBcCoFgSrWhK1AHSt3wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABW18oAAHgRPK8ICAgICgoUBAA1rZUAQjV7G8+BgAABAAEAAAAACGZhY2Vib29rA2NvbQAAHAABwAwAHAABAAABLAAQKgMogPFlAIH6zrAMAAAl3g=="} 
-00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442712036,"flow_src_last_pkt_time":1639650442712036,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442712036,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442712036,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442712036,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNKAABAEcnbwKgWBMCoFgXCYhK1AFoDcQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8c1FAAEAGK0kKChQEnfDgI7CqAbtGa9PfAAAAAKAC\/Vy6qgAAAgQFggQCCAr1DDJLAAAAAAEDAwc="} 
-00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442712036,"flow_src_last_pkt_time":1639650442712036,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442712036,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650442720908,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442720908,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442720908,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442720908,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq8mAABAER3\/wKgWBcCoFgTrRhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKrMyr8yRmvT4KAS\/\/+p5QAAAgQFcAQCCApu3xNF9QwySwEDAwg="} -00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650442720908,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442720908,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442721173,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442721173,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNLAABAEcniwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1JAAEAGK1AKChQEnfDgI7CqAbtGa9PgzMq\/M4AQAfvWagAAAQEICvUMMlRu3xNF"} -01034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442721478,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":434,"pkt_l4_len":396,"thread_ts_usec":1639650442721478,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABoANMAABAEcinwKgWBMCoFgXCYhK1AYwCPwgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFuc1NAAEAGKhUKChQEnfDgI7CqAbtGa9PgzMq\/M4AYAfsRCQAAAQEICvUMMlRu3xNFFgMBATUBAAExAwPcWPn0A3m1eWVQI6wIeeeCbwEERXHekpXL79ewykXCYSB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06gA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACqAAAAEQAPAAAMZmFjZWJvb2suY29tAAsABAMAAQIACgAMAAoAHQAXAB4AGQAYACMAAAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvh2mgzmX9e9ai9f7D2sZdwM6XcPIdlu9U72vXq+2WUY="} 
-00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442730182,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442730182,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq8oAABAER4FwKgWBcCoFgTrRhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0NXJAAFcGUiid8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQXWHAAAAQEICm7fE0\/1DDJU"} -02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442731370,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442731370,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq8pAABAERigwKgWBcCoFgTrRhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYNXNAAFcGTMOd8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQV3jwAAAQEICm7fE0\/1DDJUFgMDAHoCAAB2AwOmSfmdNeNm8QDTG24pPSbwgaHpKWVOEuxV0VdDoIbVRCB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06hMDAAAuACsAAgMEADMAJAAdACBeWCJdN6DYiyNoL9O4psA+bOwF3dlPVj+\/ZvCptenEWhQDAwABARcDAwP5x3wWkfPx0kKF78QldsrrAx9RhC9Bn0NSGlsi9mLXhXMxtjC1tRafSYFhQiJT+Fexnm8My4gs26aQEytaTPmgh5bUcw2QSfIZvydw4\/xZva+hLS\/8KA8IimnKia46hp3fWd34D\/kZeUEi4PChEE1dsSEooXjU12XznCQysKGXu4bNl\/M85AYOBz9YkdnIBAFMjv3LwRfyKzi+n+FzF2x2zQZe5zhiQO++hcg2a8zSiSl8WG4UQlAbxtYUcRtsHiuPhWa\/PFDmcr\/s5mD\/Q55l8WWg9PfvSz5AAtjdU+LwfzbipKrnitGs76ROINneUubu+vg3oG1HDHdCmIEKeQwpdQlOkFMa7Zj9p\/hnuj8kufGBHQWOnvQ4ESu9jqNCVadRhiLORyEnSmIOTVXq2PFZieMvXd\/iPGqx2LJGD35zc9E73bB1G1gUSAjqKKkF7Ka0QSqC60GRLch93kQOqKrg3ohzvWu6Nvcf1bKMMkwp3RH43UImPPvzJfBg0eF8coKNcZUeUHlo354awjbPVkVZdhktOsK2GP0UxCJQkEEIHy30I1R0Mi0YUy
rXiupVR5oc885KczFIY6ZLchLSI9gBm4CPo74pczykPl0D2ohno9XIYd917oz\/CK6iDlxcZRoVCD9vR\/QBAVfogV5k0Bxag8nU0KkVlVrZu05e7Ga+la++aA\/ZRES1+kbfTcNkz+8wG0huQcFD9TuPucbrdbya+Lt4QerqgS6VIW4NcTKUEe7ooQN3x+GdEnHT5nA80FCh2Q8\/7Y4VrtbkIgXx1EFWygd\/V2e6bsr0FcvNp9dOQi4BilNsmBAYks4O62pQ+ID1+NsWsODEwCDgqelXXYi5V9R4vP0erUMDezq+wfpJUYzqIfZioJ\/y5HkwdUPno9YJNeESiKCDdm0vSVcq2riB8OcvQGo\/oDBJBq6nucF6sN73xA4p3ylMscy6Qt06wCWiIr6\/vtUxxidwqOW8p2ZSSzkMx7XwpulVjUmRTrg1+pvDcBMZhTG9kIWHEUpGufrn4DQ51+oLui2RUzj5RrrnkZPvUcP3Uuf14vSYq\/g7J4\/eWdbdU2KCbHvT9wEZhi+VqOcKwG4DrRCujjzD3M4n08F6YOy6Scb4ZllcNjr65M66+QJXPHl\/qHrvVforxHgyi32Tp\/UN7ndgWwvzaAOqXr7WczqRiqyo11sYjhK2i91KB3fKsvsBdhbBQICqoKnWoaqw5eT9wfklQ0THh3G6DwjYbN8EYkzO576Kr2zwXFUqs4v+YkPVQY1z03PbCmgHbLckVMef7zjCijTbA\/yVRubOrENRdj4UBJxaoYP5sU895ipoXgXM1lSoqdOIJN4We+WBWsDjj7BpFwMDBe2TZHfrkB8f5TtDXM+TM0HPoRHXGJ7oGDZRZy0uPUx3IAPv3pCX9H0HbaU\/LA95w76hakUfhlXm7Vn78btBVP3OOeAsZ62gfgCXMiiM0NNLeJLiobbCc5AckKUS9M9XcUF9gQ2jgSpnpqdmyjX9LeO5ci7XrBg6Kuj9ATfiiYj8xXQOq0KONbnADXTjSNP+mRm+X4ZdGhZQhoUs7+r9y6T3L6QaFdpvuhamDG3Y+2lgP0Oygwz31QjrgZ3kiDdVFWXvn4FweXAGyXb4\/RH2YOzcZO6qBDJPMp+Xq7rr"} 
-02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442731442,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442731442,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq8qAABAERifwKgWBcCoFgTrRhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYNXRAAFcGTMKd8OAjCgoUBAG7sKrMysSXRmvVGoAYAQU7NgAAAQEICm7fE0\/1DDJUv15zsQlwQkQ\/NhYJ3BZREfnmFdZbCBYxcH5Rr8tCtNf6ESAWVY8tSe9jJJiifvWfa\/l6GP\/2DH5vx1hiESCo7qZ07tnxUPKngad4eNAywA7xfr4SB9J0b9SG8STo\/ioZ\/XIPiqX8TB1C9dm8LdLTl+UtrLa0P6R+Pf+yHNw9G1GTDNTjJ3eXPDxzw+z4E8wjIpPVtJQIpd3Ox6EEe+jlPjM6Iqk84CNm1kDYmXaPmynIDot9uf5vmpaoyf7joqudoNsW1O3hbGiy\/vRGqK448Nwh2xL74uwkHPO4SgorSzxilnymP2mPkqj+xN2z8urzdVfPdOMq1PzFHWbkiAFsffTSJbSOFxYOvh5iDUl6aXAzPERZeSGansLUOde4dYZadrZE0GiiOvkwp1vTWI7q5NEemXwLaevJAZ4VLVr2rVLUW1gNyx5VEe6yHz61UYAXOu1wUBPkF95uWVg6omgt8\/Py6XyY1IVjsRMmeV9SkfgNnaEv1ccQUB7UPIoisVT3ts\/ubWVCo7ov9+BF8TQ4\/jlcN1QAKhKoUnNEFTzXfuBR1\/V8uZHBH90fSu9+iN3rD+e4U7sVNyCcaV8vLSJFbZWUaDo+DfLVgMR2pwyqfMHQXz6KHy0TlvoyCglHiMVAB4Y\/opQP\/XjFiIwTKjWIV\/KpsqgCrzSePmI5sfRxCsjZi2p74JqqHzNFRYnJM\/K6HiBkRqD8hWfEZk9ruYDcwv61CdwMo9+5M4Za02MlAu8Umifm179WS\/nQ9YupyhdZuMDR4pWxPgji1aaTNubL8IxdeUn43isOTSFDXIDyWKqE0evJxX72UV6HBXD4l70hV6fOWYJV2QJHP8BpAhSHBM3zF4G\/gwMKQsN3AcjVW3TO6EqfKsYezA+WVHIxP7Pzmgt6WCTVHmmVAT7TTPvQf2VuMyYmDh3rAgfYchNdkXe7X5EauTS90JPEGeEKgWswg\/0uBogXywznbsvxQimkzT5LmgBarbYQ+lTCOt9ST8xXAyiQvmgh8nGc1mSWeO0KytEzgg5SMEC+HXhNIdaHwsEq8JVSHsR6lH3e4aEi0SckiaYX1fj0WJLI4WJPpk5WCR3hQlNgwPJBnxQRC+Jje6DPTzbcw\/N8k5mbS8qfQeX4KiQzB\/nLUP+HpOhAOVzZNWP3BfEhhfH9jMs8b8yqaYYjXTTuzPZvw1kmY93cYTSam7GJdfM4ld3MGFI2m7B4WlZUTmL0ZXgMw+FzVmfH71GM+kydW9WH33U0GaKq0fsmdPhAX+CKYL9kbBrVNOW+geYgcoq5Um\/\/\/YBalVH5ZjdVADgkHXDlMJJr8Xspyl8+HSkBG6vwWwBtPUM0GWOZUQSQ2KLItrIPc
VcWilKouFAjTrUXZNE4cmkaq+JwjzpVogaWQVdR0tJ7pgGqxfJy8ePwhEV2pC7ojE4x2Jj9Qq2C4P+lf60fZQBuClzlqNFQc\/iXlm2ZMTKlmnqmg4z3mGLIDv6dhwTPaIklG\/9rGh0KcZ8w7BCpyA63zlSb8CU5NSz5XAUXs4VtHPzMtP4npapO1\/0ArCDRMxLhAjNsCtISSlDY0yUoNajmJg4qyyym6z9bAXjkqdIdJe+1isCbrj3B06eEtj1F5yJz3Az4Mm+pQLSsXIa6oY+YeUNDG\/myG1qvXNo3v5vP\/r3HtTg36paXajCh92rAIu4DBQhfB\/VFUywu6gQknNrfrgQq34kdWo9lXt8vA4OpsTor2RzVERcDAwIi+J1moVhqGIn24O3jdPsG+Bv16G1Dz3fHFNb44FRK3mK3MKiy4NN7t3PW8YgFh1bbaLlY14Vi1SIgIXgDOu1ei2\/GzNh8ZhwFbZ8BAT\/1"} -01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442731452,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":588,"pkt_l4_len":550,"thread_ts_usec":1639650442731452,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQACOq8rAABAERwuwKgWBcCoFgTrRhK1AiavkQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAIINXVAAFcGUFGd8OAjCgoUBAG7sKrMysn7RmvVGoAYAQXh4wAAAQEICm7fE0\/1DDJUWPGWEIopRc1kqqnRU0+lugsDnb4Vo\/J3w7OblyaZUlkVYbFmr5+Uv3bjjyoWVsSE++ZXnO12yHGrKJu1pbLqnrmbYAXLsYF9Qi8HXrgmeqkOwFBOP2RmxCNFB19MIcKz60l9LzgtUiYI4BjZmez3GfiKLT6vH1sUaHJvuYGziRuSeM9KkzSuRYzWvEVI1XCCWxBi2\/uvbwWSDng8q1AeyujuTA7NJ3xK4haEKdftraAmQbydVilifeJ+alFNFehINR1YKmNyIug4nT013EZPndfEm8QsEO\/RIaFopqgYe\/Nqdv0ldqu7KYMKH4kSvohYKS7xLdSyj5BuVvtTz66XrOihEzNFOh1HGJEqN9BMZI7\/l+43OsnYyzz6Za59S43b8nAv6jzEqC3waAo0BUjVUfzV83y\/mdnqGcPeOoogAZBvG3iQZy3+ULwglk1bld3ZTrfpOncv\/VsPNkCHr8GdxkjHpodBr2jIQ3kevQ\/Qvf\/zuw9PHxsIBiih7KuxAX6uRgHFB6\/h8a58gYHq4LN8LZ8yRxgnT9OiNrVL7JEJZnrNL4D2WThvLrSFIXyfH6bj0C2zG6BlMdhFKhjcI3cEBA00aCBVWwhlkCpck01CLKkp6Qzj"} 
-00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442731607,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442731607,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNNAABAEcngwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1RAAEAGK04KChQEnfDgI7CqAbtGa9UazMrEl4AQAfHPwgAAAQEICvUMMl5u3xNP"} -00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442731706,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442731706,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNOAABAEcnfwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1VAAEAGK00KChQEnfDgI7CqAbtGa9UazMrJ+4AQAe\/KXwAAAQEICvUMMl9u3xNP"} 
-00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864784,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442864784,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442864784,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1639650442864784,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANpAABAEcm6wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbtAAEAR1tYKChQECAgICIBcADUAKoq80C4BAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAQ=="} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864784,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442864784,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442864881,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1639650442864881,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANqAABAEcm5wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbxAAEAR1tUKChQECAgICIBcADUAKi+aKzYBAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAQ=="} 
-00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442902284,"flow_src_last_pkt_time":1639650442902284,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442902284,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442902284,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":175,"pkt_l4_len":137,"thread_ts_usec":1639650442902284,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAna9MAABAER2qwKgWBcCoFgTESxK1AImt9AgAAAAABFcAHuppKm\/PZnpQqv+aCABFCABrklQAAHgRgggICAgICgoUBAA1gFwAV2EE0C6BgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAClEAEQlzdGFyLW1pbmkEYzEwcsAQwC4AAQABAAAAEQAEnfDgIw=="} 
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442902284,"flow_src_last_pkt_time":1639650442902284,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442902284,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442930989,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":187,"pkt_l4_len":149,"thread_ts_usec":1639650442930989,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAqa9SAABAER2YwKgWBcCoFgTESxK1AJWuAAgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAB3WtIAAHgRuX4ICAgICgoUBAA1gFwAY6QKKzaBgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAcAMAAUAAQAACnkAEQlzdGFyLW1pbmkEYzEwcsAQwC4AHAABAAAAPAAQKgMogPFlAIH6zrAMAAAl3g=="} 
-00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650442931548,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442931548,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442931548,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442931548,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNuAABAEcm3wKgWBMCoFgWexhK1AFonDQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8KWlAAEAGdTEKChQEnfDgI7CsAbtx7JCPAAAAAKAC\/VzRnAAAAgQFggQCCAr1DDMmAAAAAAEDAwc="} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650442931548,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442931548,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650442941597,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442941597,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442941597,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442941597,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq9VAABAER3QwKgWBcCoFgSNvhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKwSxDYyceyQkKAS\/\/\/6FgAAAgQFcAQCCAo3WVST9QwzJgEDAwg="} -00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650442941597,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442941597,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442941877,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442941877,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNwAABAEcm9wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KWpAAEAGdTgKChQEnfDgI7CsAbtx7JCQEsQ2M4AQAfsmmgAAAQEICvUMMzE3WVST"} -01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442942182,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":438,"pkt_l4_len":400,"thread_ts_usec":1639650442942182,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABpANxAABAEch+wKgWBMCoFgWexhK1AZAl1wgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFyKWtAAEAGc\/kKChQEnfDgI7CsAbtx7JCQEsQ2M4AYAfsFYwAAAQEICvUMMzE3WVSTFgMBATkBAAE1AwM+kikCjZKYLJ0yMsC2SkPOGgwTwgkXQ4SgJHcmBMuaciDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2AA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACuAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIFjRzvsXuQ0A5A179GyLQXzYsfihHOpNhs3mPbXqyp9j"} 
-00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442952129,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442952129,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq9YAABAER3VwKgWBcCoFgSNvhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0iYtAAFcG\/g6d8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUmRwAAAQEICjdZVJ71DDMx"} -02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442953531,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442953531,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq9ZAABAERhwwKgWBcCoFgSNvhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYiYxAAFcG+Kmd8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUwxgAAAQEICjdZVJ\/1DDMxFgMDAHoCAAB2AwOCxvI5EXHPK47hHjBvMw\/BI06Lkop9Q1UWqJnwHHEN3CDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2BMDAAAuACsAAgMEADMAJAAdACDAmDgjswZAHJO96Fxo5TF\/yHycPaDsaAssE+9YRtxuEBQDAwABARcDAwP5a5IZfVeyKEpOW0ufVGHnS60wv8jhNGuVFX1zlQlbDVGUUfZZGketBg2YthNR92n\/MnYwVxVhLF8luCNg98YcDHmLLzoHZsL49nDI+l9FD1r3wmiZMWL0y3yQZ\/JJQKcjOwcRiF5wjYIImRQjdfRPMVOpZX\/eVRUbhOETdoAwwjdl+orOFnHqlPn5W8zlz4vJR9+aKEMgg4VpLfA7gJ9BUce3E1AaydUD+XJnWAEIHLgcGKblAISRpe7EvwEoeN3STwz5TvBkeELGXhsRX3VYe06CV9GB9VUiMOxvkOe31kzQb1w5L8Q9dutguKq4auDiRIQdo3UPxjULEUEc8daV3AVkJf2C1IybYidwRoHGi86ATrnZfFObldSoDiKx4JXrwos9QDOQpTdBNWZYx1lo\/uqq\/8g1iPHfxsw1J8SNoIu5azXqXHRnZtnkXa0yFNP8rYYC0HNJXH5qFNBZ2p1fwoVg6AJX9XpDhAf\/k3osd3p+iDepC3IlVLkm+GmIka\/ZxprUZwNv+NGPRXYwQEVExWeySi4zMfz+B08WmlYQlxDWeXWgy2Izp
8brlY84iY7t+GG4wm4JGr4A5KEWS58eKrUQrvPFR3jjXo6\/NCMu1YlygA+8c1qXjV+4IWGGMZkGFl87oSHi5P5ls+PzEck+yxjmOkP2mvhzrgr8cdbPj8RHsmNL+PETzQCtb1+I3PsP7AAQBnvJY2h7WghCBHgXKcXI9Fb91uYXjT0slYvTKjLrM+DmeFlzGURSW\/vAfQS1WzWshi0ZK\/8PHNQOsgSP5kX6vbKm1\/h4vdrSdq9Xy+3ChNYwY3Nz9UiRkomRmJoIRcqg8BPD4F7Li3UV4xy3ABlESzoqS14VkfVrJvF8Mssxb9uvKQB+Qftsw2prI4ct04qYspIUp+UyM6Y\/2OJhQWUzJBR7uDTVCn7cANa1qv5E81wp3WQIDI4BILWzecMZ++5JNOCdB5nQhfnz\/N46Rxh2m7dGQVsrhILqQg18vZWRXgsaYlpdWLllg3Cc33BYO\/+xQSxE5dvD+kHOSyP82e6eYHseshW7ln2FQDBjhnpBmuu8bKe+ZLkLevp6JoX4n7CIT23dcVV70UPfHzh3IBD9V+aD+PezeVtAGtuN4sZFohCJqTCjU\/XDcbZBeh6OfGZnUa850szjVLwzCcjXUP5B2l9n8SVTcXC3TF1cNpmTKwK01\/iJodz\/Q1ONsNdD4Jx8jY\/TLAlz4SJ+p7EPwFCMcwgZZKDl7ngwm0oPKncBrp0h2I0LOu793MxLBZwWgaM2KE3RBP2Qczs4SWP11UNQru+qxNl5EQLpinZejHt4hIt43rCVfRdXm2XDWme1jb1NB\/BYjxMUFwMDBe2NF\/B6RhuN92VOyJI6GV0+4MNlaQ2zRuSi41Qbfxms7nL+4fbQoszMAls3NvQOy8nluFZhTsFed4rEOfffnONOkD7LtY9K1a3OfMAvUkl3q6LpSyD0SRfScUpqPrYnKJKjotSjbJI1H3Jju7kYZHpZmKplW8uHRWRib1NTXyMtmkspyf4o9O8JqQuaFjRmqaxCy5szM8p4uCMgWJOsDWJwQOAiq9lsGYapphKG4xh87apARlJDtwJp7Pqq0l3QKmlxxFqvbS6YLtQFb\/KsIDWmRMf\/M0ylaAuf8pwk"} 
-02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442953636,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442953636,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq9aAABAERhvwKgWBcCoFgSNvhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYiY1AAFcG+Kid8OAjCgoUBAG7sKwSxDuXceyRzoAYAQWDeAAAAQEICjdZVJ\/1DDMxXEIRhEPt6xyXW\/NRmzj70wXN1\/6WMohpmKmxAd9gkVZqZK5iVEWDax78RCQnzXs1WKQDTUqAlRjY577EDf\/urwFLfpKa9GqFJ5H30M5tikkNRgW7MeBEkkQOFWoEtrp8Wf8ZM7PJR8wZb1RGPZ+PcyzSPw15BLtNq0B5uzIohTyzqvNcHiJdV4lfD7FGHxhGn28nS+EDZb97+Az0CWgQ5GxrBwcQKpOJLIKVgdbIpALWztbOZWLqTceRDgLz5s4fvw4nsQaqnqqpRGBozftxotmJO7Pp5eqUGOh5GnaNLuYiIbXc9\/oQbdflXKNbzOImC3YLVFbwpq\/1nT\/lgsvdy6l24P9ukz8JRNVILKnKVIaKRWirfX5V3cR\/R65jbniSvW1\/YZAMCCU\/MZYQ7Je0WqpBSkt\/yyJf6vtj480SOuWeDWlHaSRK42iVjAEal89SZ6OM0uXcop1sM5Zm5LZLfzPDLDUIcNOttV2ECJYNNIwscVrg65jRik6Zxqt1AIbGDbNgqnZ2sWJxgoZJF3eBrTPccKMeiMmhkYEr9fAwc77TRgqc7NdDuEZgTcmtJtprI0qtLg2pzuHCmXEIFMvUU3\/fpXDQ\/99\/u04HvEg9B16dkMmoBtNx786S6+yWPmllTY27zkURq1T1eGZscJlVn0gFNTBp0vDIY+PXdkvdj7lokj4b4WqMnK2mvbaQwACjKkiaURMuPVwanFoVQ\/+5TdAr78wmFYdSMVDy5sUI2zwZ\/7TL3g2SkLfxXVIO7xXLat2KIh3sKA8yfLnuk6dKp2fB2RRWaCFUwBGWnlV4RVosyqVnI5YYiY7RryLV5OUtAoE\/gEeskbCI3QWgVaJehkl3eQaHWukL\/MThlDC4dnuIROachqbdm0XVciXEzkha6\/zyrTK5uyUs4PNH2FOairrAKnRQARZ6bB0zj6n0AEMTNEIzBFn0e8I18g569ew9YMDTK+eJJFktQXijbk3Kbl3qU8VEVAmQ7IOC6KGVYcGuj+L5+7A+3SOywSDibbfMNTLuoykZFmU+S01xGGfyfOHZXAEDRjOJk5ZZ6x7ABSPlf\/vlLH5LGxuOFrtcTB5gIdEZcH4W6m\/9VGEcq9GCYQmhhIp9sBVaH+74dHCtxmG3iJCXn5Ns4L5yU173ZQ0z+dW0UT5ANswNsNuJBCTDWs2tpw\/L5quI55bBJ42p595DGGJ8JLPC2ZWZ7N\/qKZEJogrh4EoPABoOMZNTS5ZpPyN+G6OPeb+l0IoNZzkbbgnhQcYx0LFDIQnU1Jq6S9DDzeo\/Xkyq87JzIY2duS0ODJ\/GzSj01PEfPMs37DoF7Og7Fcno4Cumdcakn2v\/FsHfiiJ9uNNKMA
0JLWF0CojLhtcs5Hwc1YRxLvUoGerwL0nAiMr2Ffh9p9jZ\/+sLdEq\/sxlapTC\/AyqueUoHxrQ\/Orq6pG+oVsJlr4zZxIA5w\/LuLbUCrOKgz0WavUzqh\/VfpC\/zDMNOHb7DP3TUypGeEXV6Clk8JccwVK2oxK5fZB74+VxJbu9rhWcx66YVlpLLRirN14LcJzXiRBHGWu4amnIfV\/yqa\/iY39fgiSV4FcX03OUE9bUBOqbM195AYWjT61Ht8mmiFo6fCY7FMq\/IWcu8FZHdbFE1NVmwWRxU8xWYnKkxOxBhys\/bT2gyIknIKDXpZZt+2jZ6ZrWaBCC4jUQdLCg0+7YknObdD1grYY2yA56cuy8zo+6WzX5ZMArHERcDAwIiptWPViAj0xmEDVtIKoKOmzbo0blhFA+7JXhq76Ygp0tBPC9bq7ImQMIUvyVQ6rI+Q\/uqu5ZaWyNEgEVgZlati4ICL3LfNxzCSzTUaAL9"} -01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442953646,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":588,"pkt_l4_len":550,"thread_ts_usec":1639650442953646,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQACOq9bAABAERv+wKgWBcCoFgSNvhK1AiavkQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAIIiY5AAFcG\/Ded8OAjCgoUBAG7sKwSxED7ceyRzoAYAQWPfAAAAQEICjdZVJ\/1DDMx2QuTkae710\/WTJhvcURVHdJ9WIKQu4qWz9CFIaHOPcIMfpl2B9XqtuTclkw0rK4gmFQ82pczBMIap80mccIYXLm6DgRL4FoVPUaAJGa3mvIksW6UDt03Ua1HuIygWHRNKChfT6grUwB5hGjwLc5bB1H9v9s1ZNH3c1MFIPb5NPRDCIWlE76Y3Wglw1E1DiZBU1njd207V3Wh0sa+ZGg4HqYuuPXKSgtBT5DKuEc8dTH7NycOtQzIlEiMC3JNF4MbiR9Z\/FZQVVGs5cZMlOswF4trEe8QCXqcoHzvFf\/KEe2aJ6W3E6nPTubRIAh2VoGkUHozDVLcdoDXG9i2gDKRbUsge39PTPrwGyilvUDazyz6pOLtzE4B4bt+zqaBZ5Gt\/znd27GZ13LRj+IyaXZFjiqzyWzb+2glFa\/sRofXpcy+Gx5sKd4nKxrwizOB8rmGpZIhbSUpxQFzIyiVnPFhSZfp40CjI5bOGa4X+mmYYdYxdDwKr+muO2RLX3aG5z8V1J93cgmQgCDMO2NWnGBKRX\/8Jj6EjmjwV3TvXi0bl6jR6TuXEV7V6U1zfbj+f42GOH9+2bl8adWMFJUoqmHbZcem2j\/PGLKRfXEmoRYVhESvzDQr"} 
-00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442953712,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442953712,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNyAABAEcm7wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KWxAAEAGdTYKChQEnfDgI7CsAbtx7JHOEsQ7l4AQAfEf6gAAAQEICvUMMz03WVSf"} -00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442953912,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442953912,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNzAABAEcm6wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KW1AAEAGdTUKChQEnfDgI7CsAbtx7JHOEsRA+4AQAe8aiAAAAQEICvUMMz03WVSf"} 
-00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097770,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443097770,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639650443097770,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_usec":1639650443097770,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOIAABAEcmxwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"} 
-00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097770,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443097770,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639650443097913,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_usec":1639650443097913,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOJAABAEcmwwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"} 
-00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639650443097920,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_usec":1639650443097920,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOKAABAEcmvwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YUAAAAAFAEAABE2QAA"} -02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650443255719,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35959,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443255719,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":10133.0,"max":140558,"stddev":31047.2,"var":963930240.0,"ent":2.2,"data": [10532,1402,105,10,11439,530,9521,113264,10571,140558,101,64,3057,190,558,175,1284,181,1316,3621,187,402,189,2282,184,313,186,833,189,694,184]},"pktlen": {"min":102,"avg":1151.7,"max":1482,"stddev":546.6,"var":298767.6,"ent":4.8,"data": [110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482]},"bins": {"c_to_s": 
[0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.583852291,5.651705265,7.826985836,7.861832619,7.623077869,5.619890690,7.052967072,5.635924816,7.564305782,5.565874100,7.866837978,7.859116077,7.762131214,7.859333515,7.877618790,7.863654613,7.851696491,7.874659538,7.855105877,7.845957756,7.883800030,7.862126827,7.878228188,7.846958637,7.850887299,7.866386890,7.866912842,7.871983051,7.852091789,7.857552052,7.852843761,7.854843616]},"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650443264733,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443264733,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":10747.9,"max":150839,"stddev":30032.6,"var":901957440.0,"ent":2.5,"data": [10329,305,11530,200,4,1301,10031,41817,81536,403,150839,3109,802,1504,1403,3811,602,2508,504,1003,903,802,707,803,710,2107,301,402,2307,401,201]},"pktlen": 
{"min":102,"avg":125.1,"max":420,"stddev":68.2,"var":4655.6,"ent":4.8,"data": [110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102]},"bins": {"c_to_s": [0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.313875198,5.603603840,6.154091835,5.623211861,5.630611897,5.623211384,6.288531303,6.880884647,5.615810394,5.596202850,7.036987305,5.564387798,5.603603840,5.596202850,5.623211384,5.564388275,5.583995819,5.556987286,5.591396332,5.603603840,5.576594353,5.623211384,5.544780254,5.603603840,5.603603840,5.623211384,5.642818928,5.588801384,5.603603363,5.635418415,5.635418415,5.655025959]},"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864881,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442902284,"flow_src_last_pkt_time":1639650442930989,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650443276182,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68647,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645316,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650443276366,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1639650442712036,"flow_src_last_pkt_time":1639650443088800,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":388,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1459,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097920,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650443097493,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5058,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442711366,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645225,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 
+00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442645316,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645316,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbANAAABAEcnnwKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbFAAEAR1uQKChQECAgICK2VADUAJoy+G88BAAABAAAAAAAACGZhY2Vib29rA2NvbQAAHAAB"} 
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442682647,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442682647,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442682647,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_usec":1639650442682647,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAfK8cAABAER37wKgWBcCoFgSrWhK1AGit0wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABK7zAAAHgRJVUICAgICgoUBAA1rZUANljckMaBgAABAAEAAAAACGZhY2Vib29rA2NvbQAAAQABwAwAAQABAAAAPQAEnfDgIw=="} 
+00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442682647,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442682647,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442711366,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":154,"pkt_l4_len":116,"thread_ts_usec":1639650442711366,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAiK8kAABAER3nwKgWBcCoFgSrWhK1AHSt3wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABW18oAAHgRPK8ICAgICgoUBAA1rZUAQjV7G8+BgAABAAEAAAAACGZhY2Vib29rA2NvbQAAHAABwAwAHAABAAABLAAQKgMogPFlAIH6zrAMAAAl3g=="} 
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442712036,"flow_src_last_pkt_time":1639650442712036,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442712036,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442712036,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442712036,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNKAABAEcnbwKgWBMCoFgXCYhK1AFoDcQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8c1FAAEAGK0kKChQEnfDgI7CqAbtGa9PfAAAAAKAC\/Vy6qgAAAgQFggQCCAr1DDJLAAAAAAEDAwc="} 
+00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442712036,"flow_src_last_pkt_time":1639650442712036,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442712036,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650442720908,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442720908,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442720908,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442720908,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq8mAABAER3\/wKgWBcCoFgTrRhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKrMyr8yRmvT4KAS\/\/+p5QAAAgQFcAQCCApu3xNF9QwySwEDAwg="} +00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650442720908,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442720908,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442721173,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442721173,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNLAABAEcniwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1JAAEAGK1AKChQEnfDgI7CqAbtGa9PgzMq\/M4AQAfvWagAAAQEICvUMMlRu3xNF"} +01046{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442721478,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":434,"pkt_l4_len":396,"thread_ts_usec":1639650442721478,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABoANMAABAEcinwKgWBMCoFgXCYhK1AYwCPwgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFuc1NAAEAGKhUKChQEnfDgI7CqAbtGa9PgzMq\/M4AYAfsRCQAAAQEICvUMMlRu3xNFFgMBATUBAAExAwPcWPn0A3m1eWVQI6wIeeeCbwEERXHekpXL79ewykXCYSB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06gA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACqAAAAEQAPAAAMZmFjZWJvb2suY29tAAsABAMAAQIACgAMAAoAHQAXAB4AGQAYACMAAAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvh2mgzmX9e9ai9f7D2sZdwM6XcPIdlu9U72vXq+2WUY="} 
+00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442730182,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442730182,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq8oAABAER4FwKgWBcCoFgTrRhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0NXJAAFcGUiid8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQXWHAAAAQEICm7fE0\/1DDJU"} +02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442731370,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442731370,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq8pAABAERigwKgWBcCoFgTrRhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYNXNAAFcGTMOd8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQV3jwAAAQEICm7fE0\/1DDJUFgMDAHoCAAB2AwOmSfmdNeNm8QDTG24pPSbwgaHpKWVOEuxV0VdDoIbVRCB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06hMDAAAuACsAAgMEADMAJAAdACBeWCJdN6DYiyNoL9O4psA+bOwF3dlPVj+\/ZvCptenEWhQDAwABARcDAwP5x3wWkfPx0kKF78QldsrrAx9RhC9Bn0NSGlsi9mLXhXMxtjC1tRafSYFhQiJT+Fexnm8My4gs26aQEytaTPmgh5bUcw2QSfIZvydw4\/xZva+hLS\/8KA8IimnKia46hp3fWd34D\/kZeUEi4PChEE1dsSEooXjU12XznCQysKGXu4bNl\/M85AYOBz9YkdnIBAFMjv3LwRfyKzi+n+FzF2x2zQZe5zhiQO++hcg2a8zSiSl8WG4UQlAbxtYUcRtsHiuPhWa\/PFDmcr\/s5mD\/Q55l8WWg9PfvSz5AAtjdU+LwfzbipKrnitGs76ROINneUubu+vg3oG1HDHdCmIEKeQwpdQlOkFMa7Zj9p\/hnuj8kufGBHQWOnvQ4ESu9jqNCVadRhiLORyEnSmIOTVXq2PFZieMvXd\/iPGqx2LJGD35zc9E73bB1G1gUSAjqKKkF7Ka0QSqC60GRLch93kQOqKrg3ohzvWu6Nvcf1bKMMkwp3RH43UImPPvzJfBg0eF8coKNcZUeUHlo354awjbPVkVZdhktOsK2GP
0UxCJQkEEIHy30I1R0Mi0YUyrXiupVR5oc885KczFIY6ZLchLSI9gBm4CPo74pczykPl0D2ohno9XIYd917oz\/CK6iDlxcZRoVCD9vR\/QBAVfogV5k0Bxag8nU0KkVlVrZu05e7Ga+la++aA\/ZRES1+kbfTcNkz+8wG0huQcFD9TuPucbrdbya+Lt4QerqgS6VIW4NcTKUEe7ooQN3x+GdEnHT5nA80FCh2Q8\/7Y4VrtbkIgXx1EFWygd\/V2e6bsr0FcvNp9dOQi4BilNsmBAYks4O62pQ+ID1+NsWsODEwCDgqelXXYi5V9R4vP0erUMDezq+wfpJUYzqIfZioJ\/y5HkwdUPno9YJNeESiKCDdm0vSVcq2riB8OcvQGo\/oDBJBq6nucF6sN73xA4p3ylMscy6Qt06wCWiIr6\/vtUxxidwqOW8p2ZSSzkMx7XwpulVjUmRTrg1+pvDcBMZhTG9kIWHEUpGufrn4DQ51+oLui2RUzj5RrrnkZPvUcP3Uuf14vSYq\/g7J4\/eWdbdU2KCbHvT9wEZhi+VqOcKwG4DrRCujjzD3M4n08F6YOy6Scb4ZllcNjr65M66+QJXPHl\/qHrvVforxHgyi32Tp\/UN7ndgWwvzaAOqXr7WczqRiqyo11sYjhK2i91KB3fKsvsBdhbBQICqoKnWoaqw5eT9wfklQ0THh3G6DwjYbN8EYkzO576Kr2zwXFUqs4v+YkPVQY1z03PbCmgHbLckVMef7zjCijTbA\/yVRubOrENRdj4UBJxaoYP5sU895ipoXgXM1lSoqdOIJN4We+WBWsDjj7BpFwMDBe2TZHfrkB8f5TtDXM+TM0HPoRHXGJ7oGDZRZy0uPUx3IAPv3pCX9H0HbaU\/LA95w76hakUfhlXm7Vn78btBVP3OOeAsZ62gfgCXMiiM0NNLeJLiobbCc5AckKUS9M9XcUF9gQ2jgSpnpqdmyjX9LeO5ci7XrBg6Kuj9ATfiiYj8xXQOq0KONbnADXTjSNP+mRm+X4ZdGhZQhoUs7+r9y6T3L6QaFdpvuhamDG3Y+2lgP0Oygwz31QjrgZ3kiDdVFWXvn4FweXAGyXb4\/RH2YOzcZO6qBDJPMp+Xq7rr"} 
+02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442731442,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442731442,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq8qAABAERifwKgWBcCoFgTrRhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYNXRAAFcGTMKd8OAjCgoUBAG7sKrMysSXRmvVGoAYAQU7NgAAAQEICm7fE0\/1DDJUv15zsQlwQkQ\/NhYJ3BZREfnmFdZbCBYxcH5Rr8tCtNf6ESAWVY8tSe9jJJiifvWfa\/l6GP\/2DH5vx1hiESCo7qZ07tnxUPKngad4eNAywA7xfr4SB9J0b9SG8STo\/ioZ\/XIPiqX8TB1C9dm8LdLTl+UtrLa0P6R+Pf+yHNw9G1GTDNTjJ3eXPDxzw+z4E8wjIpPVtJQIpd3Ox6EEe+jlPjM6Iqk84CNm1kDYmXaPmynIDot9uf5vmpaoyf7joqudoNsW1O3hbGiy\/vRGqK448Nwh2xL74uwkHPO4SgorSzxilnymP2mPkqj+xN2z8urzdVfPdOMq1PzFHWbkiAFsffTSJbSOFxYOvh5iDUl6aXAzPERZeSGansLUOde4dYZadrZE0GiiOvkwp1vTWI7q5NEemXwLaevJAZ4VLVr2rVLUW1gNyx5VEe6yHz61UYAXOu1wUBPkF95uWVg6omgt8\/Py6XyY1IVjsRMmeV9SkfgNnaEv1ccQUB7UPIoisVT3ts\/ubWVCo7ov9+BF8TQ4\/jlcN1QAKhKoUnNEFTzXfuBR1\/V8uZHBH90fSu9+iN3rD+e4U7sVNyCcaV8vLSJFbZWUaDo+DfLVgMR2pwyqfMHQXz6KHy0TlvoyCglHiMVAB4Y\/opQP\/XjFiIwTKjWIV\/KpsqgCrzSePmI5sfRxCsjZi2p74JqqHzNFRYnJM\/K6HiBkRqD8hWfEZk9ruYDcwv61CdwMo9+5M4Za02MlAu8Umifm179WS\/nQ9YupyhdZuMDR4pWxPgji1aaTNubL8IxdeUn43isOTSFDXIDyWKqE0evJxX72UV6HBXD4l70hV6fOWYJV2QJHP8BpAhSHBM3zF4G\/gwMKQsN3AcjVW3TO6EqfKsYezA+WVHIxP7Pzmgt6WCTVHmmVAT7TTPvQf2VuMyYmDh3rAgfYchNdkXe7X5EauTS90JPEGeEKgWswg\/0uBogXywznbsvxQimkzT5LmgBarbYQ+lTCOt9ST8xXAyiQvmgh8nGc1mSWeO0KytEzgg5SMEC+HXhNIdaHwsEq8JVSHsR6lH3e4aEi0SckiaYX1fj0WJLI4WJPpk5WCR3hQlNgwPJBnxQRC+Jje6DPTzbcw\/N8k5mbS8qfQeX4KiQzB\/nLUP+HpOhAOVzZNWP3BfEhhfH9jMs8b8yqaYYjXTTuzPZvw1kmY93cYTSam7GJdfM4ld3MGFI2m7B4WlZUTmL0ZXgMw+FzVmfH71GM+kydW9WH33U0GaKq0fsmdPhAX+CKYL9kbBrVNOW+geYgcoq5Um\/\/\/YBalVH5ZjdVADgkHXDlMJJr8Xspyl8+HSkBG6vwWwBtPUM0GWOZU
QSQ2KLItrIPcVcWilKouFAjTrUXZNE4cmkaq+JwjzpVogaWQVdR0tJ7pgGqxfJy8ePwhEV2pC7ojE4x2Jj9Qq2C4P+lf60fZQBuClzlqNFQc\/iXlm2ZMTKlmnqmg4z3mGLIDv6dhwTPaIklG\/9rGh0KcZ8w7BCpyA63zlSb8CU5NSz5XAUXs4VtHPzMtP4npapO1\/0ArCDRMxLhAjNsCtISSlDY0yUoNajmJg4qyyym6z9bAXjkqdIdJe+1isCbrj3B06eEtj1F5yJz3Az4Mm+pQLSsXIa6oY+YeUNDG\/myG1qvXNo3v5vP\/r3HtTg36paXajCh92rAIu4DBQhfB\/VFUywu6gQknNrfrgQq34kdWo9lXt8vA4OpsTor2RzVERcDAwIi+J1moVhqGIn24O3jdPsG+Bv16G1Dz3fHFNb44FRK3mK3MKiy4NN7t3PW8YgFh1bbaLlY14Vi1SIgIXgDOu1ei2\/GzNh8ZhwFbZ8BAT\/1"} +01261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442731452,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":588,"pkt_l4_len":550,"thread_ts_usec":1639650442731452,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQACOq8rAABAERwuwKgWBcCoFgTrRhK1AiavkQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAIINXVAAFcGUFGd8OAjCgoUBAG7sKrMysn7RmvVGoAYAQXh4wAAAQEICm7fE0\/1DDJUWPGWEIopRc1kqqnRU0+lugsDnb4Vo\/J3w7OblyaZUlkVYbFmr5+Uv3bjjyoWVsSE++ZXnO12yHGrKJu1pbLqnrmbYAXLsYF9Qi8HXrgmeqkOwFBOP2RmxCNFB19MIcKz60l9LzgtUiYI4BjZmez3GfiKLT6vH1sUaHJvuYGziRuSeM9KkzSuRYzWvEVI1XCCWxBi2\/uvbwWSDng8q1AeyujuTA7NJ3xK4haEKdftraAmQbydVilifeJ+alFNFehINR1YKmNyIug4nT013EZPndfEm8QsEO\/RIaFopqgYe\/Nqdv0ldqu7KYMKH4kSvohYKS7xLdSyj5BuVvtTz66XrOihEzNFOh1HGJEqN9BMZI7\/l+43OsnYyzz6Za59S43b8nAv6jzEqC3waAo0BUjVUfzV83y\/mdnqGcPeOoogAZBvG3iQZy3+ULwglk1bld3ZTrfpOncv\/VsPNkCHr8GdxkjHpodBr2jIQ3kevQ\/Qvf\/zuw9PHxsIBiih7KuxAX6uRgHFB6\/h8a58gYHq4LN8LZ8yRxgnT9OiNrVL7JEJZnrNL4D2WThvLrSFIXyfH6bj0C2zG6BlMdhFKhjcI3cEBA00aCBVWwhlkCpck01CLKkp6Qzj"} 
+00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442731607,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442731607,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNNAABAEcngwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1RAAEAGK04KChQEnfDgI7CqAbtGa9UazMrEl4AQAfHPwgAAAQEICvUMMl5u3xNP"} +00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442731706,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442731706,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNOAABAEcnfwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1VAAEAGK00KChQEnfDgI7CqAbtGa9UazMrJ+4AQAe\/KXwAAAQEICvUMMl9u3xNP"} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864784,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442864784,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442864784,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1639650442864784,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANpAABAEcm6wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbtAAEAR1tYKChQECAgICIBcADUAKoq80C4BAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAQ=="} 
+00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864784,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442864784,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442864881,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1639650442864881,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANqAABAEcm5wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbxAAEAR1tUKChQECAgICIBcADUAKi+aKzYBAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAQ=="} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442902284,"flow_src_last_pkt_time":1639650442902284,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442902284,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442902284,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":175,"pkt_l4_len":137,"thread_ts_usec":1639650442902284,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAna9MAABAER2qwKgWBcCoFgTESxK1AImt9AgAAAAABFcAHuppKm\/PZnpQqv+aCABFCABrklQAAHgRgggICAgICgoUBAA1gFwAV2EE0C6BgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAClEAEQlzdGFyLW1pbmkEYzEwcsAQwC4AAQABAAAAEQAEnfDgIw=="} 
+00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442902284,"flow_src_last_pkt_time":1639650442902284,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442902284,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442930989,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":187,"pkt_l4_len":149,"thread_ts_usec":1639650442930989,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAqa9SAABAER2YwKgWBcCoFgTESxK1AJWuAAgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAB3WtIAAHgRuX4ICAgICgoUBAA1gFwAY6QKKzaBgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAcAMAAUAAQAACnkAEQlzdGFyLW1pbmkEYzEwcsAQwC4AHAABAAAAPAAQKgMogPFlAIH6zrAMAAAl3g=="} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650442931548,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442931548,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442931548,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442931548,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNuAABAEcm3wKgWBMCoFgWexhK1AFonDQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8KWlAAEAGdTEKChQEnfDgI7CsAbtx7JCPAAAAAKAC\/VzRnAAAAgQFggQCCAr1DDMmAAAAAAEDAwc="} 
+00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650442931548,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442931548,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650442941597,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442941597,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442941597,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1639650442941597,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq9VAABAER3QwKgWBcCoFgSNvhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKwSxDYyceyQkKAS\/\/\/6FgAAAgQFcAQCCAo3WVST9QwzJgEDAwg="} +00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650442941597,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442941597,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442941877,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442941877,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNwAABAEcm9wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KWpAAEAGdTgKChQEnfDgI7CsAbtx7JCQEsQ2M4AQAfsmmgAAAQEICvUMMzE3WVST"} +01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442942182,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":438,"pkt_l4_len":400,"thread_ts_usec":1639650442942182,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABpANxAABAEch+wKgWBMCoFgWexhK1AZAl1wgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFyKWtAAEAGc\/kKChQEnfDgI7CsAbtx7JCQEsQ2M4AYAfsFYwAAAQEICvUMMzE3WVSTFgMBATkBAAE1AwM+kikCjZKYLJ0yMsC2SkPOGgwTwgkXQ4SgJHcmBMuaciDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2AA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACuAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIFjRzvsXuQ0A5A179GyLQXzYsfihHOpNhs3mPbXqyp9j"} 
+00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639650442952129,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442952129,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq9YAABAER3VwKgWBcCoFgSNvhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0iYtAAFcG\/g6d8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUmRwAAAQEICjdZVJ71DDMx"} +02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639650442953531,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442953531,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq9ZAABAERhwwKgWBcCoFgSNvhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYiYxAAFcG+Kmd8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUwxgAAAQEICjdZVJ\/1DDMxFgMDAHoCAAB2AwOCxvI5EXHPK47hHjBvMw\/BI06Lkop9Q1UWqJnwHHEN3CDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2BMDAAAuACsAAgMEADMAJAAdACDAmDgjswZAHJO96Fxo5TF\/yHycPaDsaAssE+9YRtxuEBQDAwABARcDAwP5a5IZfVeyKEpOW0ufVGHnS60wv8jhNGuVFX1zlQlbDVGUUfZZGketBg2YthNR92n\/MnYwVxVhLF8luCNg98YcDHmLLzoHZsL49nDI+l9FD1r3wmiZMWL0y3yQZ\/JJQKcjOwcRiF5wjYIImRQjdfRPMVOpZX\/eVRUbhOETdoAwwjdl+orOFnHqlPn5W8zlz4vJR9+aKEMgg4VpLfA7gJ9BUce3E1AaydUD+XJnWAEIHLgcGKblAISRpe7EvwEoeN3STwz5TvBkeELGXhsRX3VYe06CV9GB9VUiMOxvkOe31kzQb1w5L8Q9dutguKq4auDiRIQdo3UPxjULEUEc8daV3AVkJf2C1IybYidwRoHGi86ATrnZfFObldSoDiKx4JXrwos9QDOQpTdBNWZYx1lo\/uqq\/8g1iPHfxsw1J8SNoIu5azXqXHRnZtnkXa0yFNP8rYYC0HNJXH5qFNBZ2p1fwoVg6AJX9XpDhAf\/k3osd3p+iDepC3IlVLkm+GmIka\/ZxprUZwNv+NGPRXYwQEVExWeySi4zM
fz+B08WmlYQlxDWeXWgy2Izp8brlY84iY7t+GG4wm4JGr4A5KEWS58eKrUQrvPFR3jjXo6\/NCMu1YlygA+8c1qXjV+4IWGGMZkGFl87oSHi5P5ls+PzEck+yxjmOkP2mvhzrgr8cdbPj8RHsmNL+PETzQCtb1+I3PsP7AAQBnvJY2h7WghCBHgXKcXI9Fb91uYXjT0slYvTKjLrM+DmeFlzGURSW\/vAfQS1WzWshi0ZK\/8PHNQOsgSP5kX6vbKm1\/h4vdrSdq9Xy+3ChNYwY3Nz9UiRkomRmJoIRcqg8BPD4F7Li3UV4xy3ABlESzoqS14VkfVrJvF8Mssxb9uvKQB+Qftsw2prI4ct04qYspIUp+UyM6Y\/2OJhQWUzJBR7uDTVCn7cANa1qv5E81wp3WQIDI4BILWzecMZ++5JNOCdB5nQhfnz\/N46Rxh2m7dGQVsrhILqQg18vZWRXgsaYlpdWLllg3Cc33BYO\/+xQSxE5dvD+kHOSyP82e6eYHseshW7ln2FQDBjhnpBmuu8bKe+ZLkLevp6JoX4n7CIT23dcVV70UPfHzh3IBD9V+aD+PezeVtAGtuN4sZFohCJqTCjU\/XDcbZBeh6OfGZnUa850szjVLwzCcjXUP5B2l9n8SVTcXC3TF1cNpmTKwK01\/iJodz\/Q1ONsNdD4Jx8jY\/TLAlz4SJ+p7EPwFCMcwgZZKDl7ngwm0oPKncBrp0h2I0LOu793MxLBZwWgaM2KE3RBP2Qczs4SWP11UNQru+qxNl5EQLpinZejHt4hIt43rCVfRdXm2XDWme1jb1NB\/BYjxMUFwMDBe2NF\/B6RhuN92VOyJI6GV0+4MNlaQ2zRuSi41Qbfxms7nL+4fbQoszMAls3NvQOy8nluFZhTsFed4rEOfffnONOkD7LtY9K1a3OfMAvUkl3q6LpSyD0SRfScUpqPrYnKJKjotSjbJI1H3Jju7kYZHpZmKplW8uHRWRib1NTXyMtmkspyf4o9O8JqQuaFjRmqaxCy5szM8p4uCMgWJOsDWJwQOAiq9lsGYapphKG4xh87apARlJDtwJp7Pqq0l3QKmlxxFqvbS6YLtQFb\/KsIDWmRMf\/M0ylaAuf8pwk"} 
+02507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442953636,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_usec":1639650442953636,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq9aAABAERhvwKgWBcCoFgSNvhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYiY1AAFcG+Kid8OAjCgoUBAG7sKwSxDuXceyRzoAYAQWDeAAAAQEICjdZVJ\/1DDMxXEIRhEPt6xyXW\/NRmzj70wXN1\/6WMohpmKmxAd9gkVZqZK5iVEWDax78RCQnzXs1WKQDTUqAlRjY577EDf\/urwFLfpKa9GqFJ5H30M5tikkNRgW7MeBEkkQOFWoEtrp8Wf8ZM7PJR8wZb1RGPZ+PcyzSPw15BLtNq0B5uzIohTyzqvNcHiJdV4lfD7FGHxhGn28nS+EDZb97+Az0CWgQ5GxrBwcQKpOJLIKVgdbIpALWztbOZWLqTceRDgLz5s4fvw4nsQaqnqqpRGBozftxotmJO7Pp5eqUGOh5GnaNLuYiIbXc9\/oQbdflXKNbzOImC3YLVFbwpq\/1nT\/lgsvdy6l24P9ukz8JRNVILKnKVIaKRWirfX5V3cR\/R65jbniSvW1\/YZAMCCU\/MZYQ7Je0WqpBSkt\/yyJf6vtj480SOuWeDWlHaSRK42iVjAEal89SZ6OM0uXcop1sM5Zm5LZLfzPDLDUIcNOttV2ECJYNNIwscVrg65jRik6Zxqt1AIbGDbNgqnZ2sWJxgoZJF3eBrTPccKMeiMmhkYEr9fAwc77TRgqc7NdDuEZgTcmtJtprI0qtLg2pzuHCmXEIFMvUU3\/fpXDQ\/99\/u04HvEg9B16dkMmoBtNx786S6+yWPmllTY27zkURq1T1eGZscJlVn0gFNTBp0vDIY+PXdkvdj7lokj4b4WqMnK2mvbaQwACjKkiaURMuPVwanFoVQ\/+5TdAr78wmFYdSMVDy5sUI2zwZ\/7TL3g2SkLfxXVIO7xXLat2KIh3sKA8yfLnuk6dKp2fB2RRWaCFUwBGWnlV4RVosyqVnI5YYiY7RryLV5OUtAoE\/gEeskbCI3QWgVaJehkl3eQaHWukL\/MThlDC4dnuIROachqbdm0XVciXEzkha6\/zyrTK5uyUs4PNH2FOairrAKnRQARZ6bB0zj6n0AEMTNEIzBFn0e8I18g569ew9YMDTK+eJJFktQXijbk3Kbl3qU8VEVAmQ7IOC6KGVYcGuj+L5+7A+3SOywSDibbfMNTLuoykZFmU+S01xGGfyfOHZXAEDRjOJk5ZZ6x7ABSPlf\/vlLH5LGxuOFrtcTB5gIdEZcH4W6m\/9VGEcq9GCYQmhhIp9sBVaH+74dHCtxmG3iJCXn5Ns4L5yU173ZQ0z+dW0UT5ANswNsNuJBCTDWs2tpw\/L5quI55bBJ42p595DGGJ8JLPC2ZWZ7N\/qKZEJogrh4EoPABoOMZNTS5ZpPyN+G6OPeb+l0IoNZzkbbgnhQcYx0LFDIQnU1Jq6S9DDzeo\/Xkyq87JzIY2duS0ODJ\/GzSj01PEfPMs37DoF7Og7Fcno4Cumdcakn2v\/Fs
HfiiJ9uNNKMA0JLWF0CojLhtcs5Hwc1YRxLvUoGerwL0nAiMr2Ffh9p9jZ\/+sLdEq\/sxlapTC\/AyqueUoHxrQ\/Orq6pG+oVsJlr4zZxIA5w\/LuLbUCrOKgz0WavUzqh\/VfpC\/zDMNOHb7DP3TUypGeEXV6Clk8JccwVK2oxK5fZB74+VxJbu9rhWcx66YVlpLLRirN14LcJzXiRBHGWu4amnIfV\/yqa\/iY39fgiSV4FcX03OUE9bUBOqbM195AYWjT61Ht8mmiFo6fCY7FMq\/IWcu8FZHdbFE1NVmwWRxU8xWYnKkxOxBhys\/bT2gyIknIKDXpZZt+2jZ6ZrWaBCC4jUQdLCg0+7YknObdD1grYY2yA56cuy8zo+6WzX5ZMArHERcDAwIiptWPViAj0xmEDVtIKoKOmzbo0blhFA+7JXhq76Ygp0tBPC9bq7ImQMIUvyVQ6rI+Q\/uqu5ZaWyNEgEVgZlati4ICL3LfNxzCSzTUaAL9"} +01259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442953646,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":588,"pkt_l4_len":550,"thread_ts_usec":1639650442953646,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQACOq9bAABAERv+wKgWBcCoFgSNvhK1AiavkQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAIIiY5AAFcG\/Ded8OAjCgoUBAG7sKwSxED7ceyRzoAYAQWPfAAAAQEICjdZVJ\/1DDMx2QuTkae710\/WTJhvcURVHdJ9WIKQu4qWz9CFIaHOPcIMfpl2B9XqtuTclkw0rK4gmFQ82pczBMIap80mccIYXLm6DgRL4FoVPUaAJGa3mvIksW6UDt03Ua1HuIygWHRNKChfT6grUwB5hGjwLc5bB1H9v9s1ZNH3c1MFIPb5NPRDCIWlE76Y3Wglw1E1DiZBU1njd207V3Wh0sa+ZGg4HqYuuPXKSgtBT5DKuEc8dTH7NycOtQzIlEiMC3JNF4MbiR9Z\/FZQVVGs5cZMlOswF4trEe8QCXqcoHzvFf\/KEe2aJ6W3E6nPTubRIAh2VoGkUHozDVLcdoDXG9i2gDKRbUsge39PTPrwGyilvUDazyz6pOLtzE4B4bt+zqaBZ5Gt\/znd27GZ13LRj+IyaXZFjiqzyWzb+2glFa\/sRofXpcy+Gx5sKd4nKxrwizOB8rmGpZIhbSUpxQFzIyiVnPFhSZfp40CjI5bOGa4X+mmYYdYxdDwKr+muO2RLX3aG5z8V1J93cgmQgCDMO2NWnGBKRX\/8Jj6EjmjwV3TvXi0bl6jR6TuXEV7V6U1zfbj+f42GOH9+2bl8adWMFJUoqmHbZcem2j\/PGLKRfXEmoRYVhESvzDQr"} 
+00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639650442953712,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442953712,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNyAABAEcm7wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KWxAAEAGdTYKChQEnfDgI7CsAbtx7JHOEsQ7l4AQAfEf6gAAAQEICvUMMz03WVSf"} +00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639650442953912,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_usec":1639650442953912,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNzAABAEcm6wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KW1AAEAGdTUKChQEnfDgI7CsAbtx7JHOEsRA+4AQAe8aiAAAAQEICvUMMz03WVSf"} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097770,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443097770,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639650443097770,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_usec":1639650443097770,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOIAABAEcmxwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"} 
+00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097770,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443097770,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639650443097913,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_usec":1639650443097913,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOJAABAEcmwwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"} 
+00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639650443097920,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_usec":1639650443097920,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOKAABAEcmvwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YUAAAAAFAEAABE2QAA"} +02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650443255719,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35959,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443255719,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":10133.0,"max":140558,"stddev":31047.2,"var":963930240.0,"ent":2.2,"data": [10532,1402,105,10,11439,530,9521,113264,10571,140558,101,64,3057,190,558,175,1284,181,1316,3621,187,402,189,2282,184,313,186,833,189,694,184]},"pktlen": {"min":102,"avg":1151.7,"max":1482,"stddev":546.6,"var":298767.6,"ent":4.8,"data": [110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482]},"bins": {"c_to_s": 
[0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.583852291,5.651705265,7.826985836,7.861832619,7.623077869,5.619890690,7.052967072,5.635924816,7.564305782,5.565874100,7.866837978,7.859116077,7.762131214,7.859333515,7.877618790,7.863654613,7.851696491,7.874659538,7.855105877,7.845957756,7.883800030,7.862126827,7.878228188,7.846958637,7.850887299,7.866386890,7.866912842,7.871983051,7.852091789,7.857552052,7.852843761,7.854843616]},"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650443264733,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443264733,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":10747.9,"max":150839,"stddev":30032.6,"var":901957440.0,"ent":2.5,"data": [10329,305,11530,200,4,1301,10031,41817,81536,403,150839,3109,802,1504,1403,3811,602,2508,504,1003,903,802,707,803,710,2107,301,402,2307,401,201]},"pktlen": 
{"min":102,"avg":125.1,"max":420,"stddev":68.2,"var":4655.6,"ent":4.8,"data": [110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102]},"bins": {"c_to_s": [0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.313875198,5.603603840,6.154091835,5.623211861,5.630611897,5.623211384,6.288531303,6.880884647,5.615810394,5.596202850,7.036987305,5.564387798,5.603603840,5.596202850,5.623211384,5.564388275,5.583995819,5.556987286,5.591396332,5.603603840,5.576594353,5.623211384,5.544780254,5.603603840,5.603603840,5.623211384,5.642818928,5.588801384,5.603603363,5.635418415,5.635418415,5.655025959]},"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864881,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442902284,"flow_src_last_pkt_time":1639650442930989,"flow_dst_last_pkt_time":1639650442902284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650443276182,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68647,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645316,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":0,"flow_first_seen":1639650442931548,"flow_src_last_pkt_time":1639650443276366,"flow_dst_last_pkt_time":1639650442931548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1639650442712036,"flow_src_last_pkt_time":1639650443088800,"flow_dst_last_pkt_time":1639650442712036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":388,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1459,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097920,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650443097493,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5058,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442711366,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 @@ -74,5 +74,5 @@ ~~ total allocations/frees...: 114235/114235 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars -~~ json message max len.......: 2500 chars -~~ json message avg len.......: 1532 chars +~~ json message max len.......: 2512 chars +~~ json message avg len.......: 1538 chars diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out index 71b2eb06c..8a633ac25 100644 --- a/test/results/default/whois.pcapng.out +++ b/test/results/default/whois.pcapng.out 
@@ -8,25 +8,25 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119183714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1507397119183935,"pkt":"CAAnPqwxUlQAEjUCCABFAAAoSF4AAEAGNyjAAC87CgACDwArrJwAl14ChXtZEFAQ\/\/\/KnQAAAAAAAAAA"} 
00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} -00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} -00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460416,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} 
-00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB8BpDHChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} -00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":228,"pkt_l4_len":190,"thread_ts_usec":1604305198677924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAA0uAtQAB5BrdDChEiiwoRMwj6EBD3\/zhGhz5vYKBQGAICz4oAABYDAwClAQAAoQMDX5\/BMV1rPKhByzNRK4rcAwy\/wMJWuP4Xh6PiU3vD\/KoAACbALMArwDDAL8AkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFIABQAFAQAAAAAACgAIAAYAHQAXABgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABAADgAMAmgyCGh0dHAvMS4xABcAAP8BAAEA"} 
-01503{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5","blocks":0}}} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} +00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460416,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB8BpDHChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} +00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":228,"pkt_l4_len":190,"thread_ts_usec":1604305198677924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAA0uAtQAB5BrdDChEiiwoRMwj6EBD3\/zhGhz5vYKBQGAICz4oAABYDAwClAQAAoQMDX5\/BMV1rPKhByzNRK4rcAwy\/wMJWuP4Xh6PiU3vD\/KoAACbALMArwDDAL8AkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFIABQAFAQAAAAAACgAIAAYAHQAXABgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABAADgAMAmgyCGh0dHAvMS4xABcAAP8BAAEA"} 
+01518{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01724{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5","blocks":0}}} 
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119368026,"flow_dst_last_pkt_time":1507397119369277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}} 00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 
-00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} -02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\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"} 
-02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\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"} -01489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":772,"pkt_l4_len":734,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAC8oz5AAAtBsawwB4tHgqgP4AAK8\/hR0rnHdStrBVQGAW0LAwAACBkaXNzZW1pbmF0aW9uIG9yIG90aGVyIHVzZSBvZiB0aGlzIERhdGEgaXMgZXhwcmVzc2x5DQpwcm9oaWJpdGVkIHdpdGhvdXQgdGhlIHByaW9yIHdyaXR0ZW4gY29uc2VudCBvZiBWZXJpU2lnbi4gWW91IGFncmVlIG5vdCB0bw0KdXNlIGVsZWN0cm9uaWMgcHJvY2Vzc2VzIHRoYXQgYXJlIGF1dG9tYXRlZCBhbmQgaGlnaC12b2x1bWUgdG8gYWNjZXNzIG9yDQpxdWVyeSB0aGUgV2hvaXMgZGF0YWJhc2UgZXhjZXB0IGFzIHJlYXNvbmFibHkgbmVjZXNzYXJ5IHRvIHJlZ2lzdGVyDQpkb21haW4gbmFtZXMgb3IgbW9kaWZ5IGV4aXN0aW5nIHJlZ2lzdHJhdGlvbnMuIFZlcmlTaWduIHJlc2VydmVzIHRoZSByaWdodA0KdG8gcmVzdHJpY3QgeW91ciBhY2Nlc3MgdG8gdGhlIFdob2lzIGRhdGFiYXNlIGluIGl0cyBzb2xlIGRpc2NyZXRpb24gdG8gZW5zdXJlDQpvcGVyYXRpb25hbCBzdGFiaWxpdHkuICBWZXJpU2lnbiBtYXkgcmVzdHJpY3Qgb3IgdGVybWluYXRlIHlvdXIgYWNjZXNzIHRvIHRoZQ0KV2hvaXMgZGF0YWJhc2UgZm9yIGZhaWx1cmUgdG8gYWJpZGUgYnkgdGhlc2UgdGVybXMgb2YgdXNlLiBWZXJpU2lnbg0KcmVzZXJ2ZXMgdGhlIHJpZ2h0IHRvIG1vZGlmeSB0aGVzZSB0ZXJtcyBhdCBhbnkgdGltZS4NCg0KVGhlIFJlZ2lzdHJ5IGRhdGFiYXNlIGNvbnRhaW5zIE9
OTFkgLkNPTSwgLk5FVCwgLkVEVSBkb21haW5zIGFuZA0KUmVnaXN0cmFycy4NCg=="} -00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623517269021781,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAAKKgxAAAtBq5CwB4tHgqgP4AAK8\/hR0rp59StrBVQEQW08MAAAAAA"} -01307{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} -00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} +02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\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"} 
+02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\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"} +01504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":772,"pkt_l4_len":734,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAC8oz5AAAtBsawwB4tHgqgP4AAK8\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"} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623517269021781,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAAKKgxAAAtBq5CwB4tHgqgP4AAK8\/hR0rp59StrBVQEQW08MAAAAAA"} 
+01322{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01097{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00796{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 @@ -41,5 +41,5 @@ ~~ total allocations/frees...: 114075/114075 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars -~~ json message max len.......: 2145 chars -~~ json message avg len.......: 1336 chars +~~ json message max len.......: 2160 chars +~~ json message avg len.......: 1343 chars diff --git a/test/results/default/xiaomi.pcap.out b/test/results/default/xiaomi.pcap.out index 3aac9a7f7..2873d6b09 100644 --- a/test/results/default/xiaomi.pcap.out +++ b/test/results/default/xiaomi.pcap.out 
@@ -1,8 +1,8 @@ 00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00786{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} 
-00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_usec":1639054136437359,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="} 
-00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":""}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","vlan_id":208,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_usec":1639054136437359,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":""}} 
00787{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643625846975752,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643625846975752,"pkt":"AAAAAAAAAA0AYH2pCABFFAA8AABAAC4G2JdzpErowKj02xRms1CUmJB5c0FIJ6ASaVAVsQAAAgQFUAQCCAri0mMlEWpVrAEDAwk="} 
@@ -18,7 +18,7 @@ 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1643625848565253,"flow_dst_last_pkt_time":1643625848472973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643625848565253,"pkt":"AAAAAAAAAAMAPY54CABFFAB2dEZAAC8GYOVzpErowKj3DRRmlIK6\/lCj\/G72NYAYADVuFAAAAQEICtn0JQPVsuQJwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjg0NDQ0MzU3NjcSBDcwOTgaAggAIgB8CwtM"} 01789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1643625848565253,"flow_dst_last_pkt_time":1643625848625978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":980,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":980,"pkt_l4_len":946,"thread_ts_usec":1643625848625978,"pkt":"AAAAAAAAAAEAxKEDCABFAAPGHahAAD8GpEfAqPcNc6RK6JSCFGb8bvY1uv5Q5YAYAIAbUAAAAQEICtWy5KXZ9CUDwv4ABQAAA4ZhyuiivKNqTM6MvCVQLwLFLXuN8Ti2uKkUS9UhiLPFNQ1Zlw0QHn5W+ixAcn9MBz7sw7ugcmMsMZfcSRv\/oUE94XJ+uEXW6gbEyjqkQSECFKhwTXlwn\/PMNJeyV\/S4Ox1H0SS5drtWFExpwmX6wmbiUPgTVotJp7Bl6uwjWiyojEhQEaQ3C0EEgnRPC0DZqgymwGOVgFq2MtISTfa9HFXi\/E6AUNGDS70orOtdWWtBPaLbib1341h0Fno3u5Zaiky\/NFEGbZuIsrowk91Nepj2\/RdT1zuJ1QzdL4YxXBOY0fcLUUqOsF9lltKrvKslyPEzBkwu+wqkq51gQRRYllheRlrVh70t8xuTcukingtckEBrCGm8c6ci9MFKyxEq\/IZOm+OryXFICTlmoFsDKKGtqlnf3oXBseGhrVKWnHi6QpBsMkiJ5jPLYQ5KLoYHtBxJ+urTNP1za8YjyP4Ro\/2jyGkMeunenEhuqPY93Vi9jbpLDMEaCCzg5BUOgTUVeP8SuBL+ccIZIsyU4zYpwQGfbnLuPeDx+UadESQoLuiYUIsKgUHrdlP0TtGhuoun2qIafjV5lLKYIr5HcNa\/efltyTOCNHomJQm6ZuC7QnHiBgw+ge\/PfkmU\/XKGU4fmh\/mw8fSsJJtLJL+Oic5cZPK\/V5PWXDy6eM5PB1DPX6z228RjzgsWZNO8xy6ZDjF3WY\/XVW6SrhlxRXZa3x4nOp\/+M3T+npCD\/xZFlCYruC6cJwa\/3nEUNLp+8aV9TnOZ5vBIw6SM
CEEIaIpi49lC9d4pMTVwbU4fZHQxFQXJpPgWuSL5O1JP60SZ1o694lEnB+qmxhj6SYCActUkMOv2Wf06goQkAQbY\/8JHAxdb\/k8tyiEfkXrDJPTtoA62kjkf+hiA\/+mCEyUhQaoDPM\/AGEuIjYBZzOEz1Bq\/LnuB99mHBU9xo\/e\/d3L15XDvZ0Ka+txhTesmxCzRWyNyOreZ6gHjb27zBC+ZkXfV0iLIyLixJRPWHnasHAdzuYUScZO34R2MXvCI4vUI1MS2hznqRhD2i7NeoxP1zCgCMtJO1eiVIOHE2LMjnqziJgTEGk0UZggS9AKy0AE+MLbnVIK9AEzUBJvksBq9egE1JsKjuFZW2dotSzYQMrJbkuZtu0SWbWIaEDgLLuOc1jtDRBrsD\/gsP3BsyZp7SyAD9kir0AbFNtOlnNzY4Bhsu\/A="} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643625848723385,"flow_dst_last_pkt_time":1643625848625978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":172,"pkt_l4_len":138,"thread_ts_usec":1643625848723385,"pkt":"AAAAAAAAAAMAPY54CABFFACedEdAADAGX7xzpErowKj3DRRmlIK6\/lDl\/G75x4AYADTW\/QAAAQEICtn0JaLVsuSlwv4ABQAAAF5hyuiivKNpJM6MvCVQLwLFLXuN8Ti2uKkUS9UhiLPFNQ1Zlw0QHn5W+ixAcn9MBz7sw7ugcmMsMZ\/YS8Ls1AU54VNuk1y92gDmmTamcRsWMfNtSyJ22vL0P4KTY77PIQAvlA=="} -00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643625848723385,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643625848723385,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643625858130651,"flow_src_last_pkt_time":1643625858130651,"flow_dst_last_pkt_time":1643625858130651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643625858130651,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1643625858130651,"flow_dst_last_pkt_time":1643625858130651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643625858130651,"pkt":"AAAAAAAAAAUARa2GCABFFAA8AABAAC0GVvFhJ3eswKhdOxRmySBqbHLib20O5qASaVBi5QAAAgQFUAQCCAoVb3OrFqysdQEDAwk="} 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1643625858130651,"flow_dst_last_pkt_time":1643625858163146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1643625858163146,"pkt":"AAAAAAAAAAUARa2GCABFAADeXtNAAEAG5I\/AqF07YSd3rMkgFGZvbQ7mamxy44AYAVdX7gAAAQEIChasrOMVb3Orwv4ABQAAAJ4AAgAWAAAAgAgAGgp4aWFvbWkuY29tKgRDT05OSAAIahIJTTIxMDFLN0JHGhJWMTIuNS4xNS4wLlJLTE1JWE0iKmEtQUM5NDFEMkFEQUQ4RkVDNEJGODYzMTRDQzhDNTE2Q0I3NkY2OTUyQSguMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS41OS44Nzo1MjIyQgVhcl9FR0oCGABQHn0CJwc="} diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out index 9ff6b304d..5b6b229ba 100644 --- a/test/results/disable_protocols/soap.pcap.out +++ b/test/results/disable_protocols/soap.pcap.out 
@@ -10,14 +10,14 @@ 02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 00801{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} 
-00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} -02184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
-00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_usec":1639054092687121,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} -02183{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639054092826306,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092826306,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE86uzQADxBpgGuSDAHlWacnEAUNrcPMefVJW6dgJQGD199lwAADw\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"} 
-01996{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhsgydrZzJ3XiE0fSTioqLAsNToYNCg=="
} -00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 
+02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEbm5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUt
DQitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZwdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="} +00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_usec":1639054092687121,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} +02197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639054092826306,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092826306,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE86uzQADxBpgGuSDAHlWacnEAUNrcPMefVJW6dgJQGD199lwAADw\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"} 
+02010{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhsgydrZzJ3XiE0fSTio
qLAsNToYNCg=="} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} diff --git a/test/results/flow-captured/default/mongodb.pcap.out b/test/results/flow-captured/default/mongodb.pcap.out index a3a4febda..87bab72a2 100644 --- a/test/results/flow-captured/default/mongodb.pcap.out +++ b/test/results/flow-captured/default/mongodb.pcap.out @@ -1 +1,2 @@ -Flow 5 risky: tcp 10.10.10.18:64566 -> 10.10.10.19:30000 +Flow 8 not-detected: tcp 10.10.10.18:64566 -> 10.10.10.19:30000 +Flow 7 risky: tcp 10.10.10.18:64566 -> 10.10.10.19:30000 diff --git a/test/results/flow-captured/default/syslog.pcap.out b/test/results/flow-captured/default/syslog.pcap.out index 7e9329201..eda09d5a7 100644 --- a/test/results/flow-captured/default/syslog.pcap.out +++ b/test/results/flow-captured/default/syslog.pcap.out @@ -1,3 +1,4 @@ Flow 6 not-detected: 41 216.66.80.30 -> 193.24.227.12 Flow 5 not-detected: 41 193.24.227.10 -> 216.66.86.114 +Flow 16 not-detected: tcp 169.46.82.162:52173 -> 10.186.117.194:49948 Flow 15 risky: tcp 10.186.117.194:49948 -> 169.46.82.162:52173 
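Review bot: The updated `flow-captured/default/mongodb.pcap.out` now reports one 5-tuple (10.10.10.18:64566 -> 10.10.10.19:30000) as two flows, 7 `risky` and 8 `not-detected`, where it was the single flow 5 before, and nothing in the visible part of the change documents that consequence. The `flow-info` result for the same capture, further down, lists the pair as `[.300]` and `[..50]`, so the split appears to follow the new VLAN column; the `[..50]` copies end as `guessed` with `RISK: Unidirectional Traffic` or as `not-detected`. In `syslog.pcap.out` the added flow 16 is the reverse direction of flow 15, which suggests the two directions of a connection are no longer merged, presumably because they carry different tags. Consumers that alert on `not-detected` or on that risk will see extra events for traffic that used to be one detected flow. I would state this next to the flow key, e.g. `/* flows are keyed per VLAN id: the same 5-tuple on two VLANs yields two independent flows */`, and confirm that the flow 15/16 split is intended.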
diff --git a/test/results/flow-info/default/ajp.pcap.out b/test/results/flow-info/default/ajp.pcap.out index deb88f49b..fc603edcc 100644 --- a/test/results/flow-info/default/ajp.pcap.out +++ b/test/results/flow-info/default/ajp.pcap.out 
@@ -1,22 +1,22 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] + new: [.....1][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] - detected: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable] + detected: [.....1][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16] - new: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] + new: [.....2][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [7/16] - detected: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable] + detected: [.....2][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [8/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [9/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16] - idle: [.....1] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable] - idle: [.....2] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable] + idle: [.....1][...7] 
[ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8009] [AJP][Unknown][Web][Acceptable] + idle: [.....2][...7] [ip4][..tcp] [...172.29.9.146][38856] -> [...172.29.9.147][.8010] [AJP][Unknown][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/bfd.pcap.out b/test/results/flow-info/default/bfd.pcap.out index df172f5c6..cccdc094e 100644 --- a/test/results/flow-info/default/bfd.pcap.out +++ b/test/results/flow-info/default/bfd.pcap.out 
@@ -1,16 +1,16 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] - detected: [.....1] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable] - new: [.....2] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] - detected: [.....2] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable] - new: [.....3] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] - detected: [.....3] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable] - new: [.....4] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] - detected: [.....4] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable] - idle: [.....2] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable] - idle: [.....1] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable] - idle: [.....4] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable] - idle: [.....3] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable] + new: [.....1][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] + detected: [.....1][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable] + new: [.....2][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] + detected: [.....2][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable] + new: [.....3][..13] [ip4][..udp] [.....155.1.13.1][49152] 
-> [.....155.1.13.1][.3785] + detected: [.....3][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable] + new: [.....4][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] + detected: [.....4][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable] + idle: [.....2][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.1][.3784] [BFD][Unknown][Network][Acceptable] + idle: [.....1][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.3][.3784] [BFD][Unknown][Network][Acceptable] + idle: [.....4][..13] [ip4][..udp] [.....155.1.13.3][49152] -> [.....155.1.13.3][.3785] [BFD][Unknown][Network][Acceptable] + idle: [.....3][..13] [ip4][..udp] [.....155.1.13.1][49152] -> [.....155.1.13.1][.3785] [BFD][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/bot.pcap.out b/test/results/flow-info/default/bot.pcap.out index 6eb194f6a..d87d5c60d 100644 --- a/test/results/flow-info/default/bot.pcap.out +++ b/test/results/flow-info/default/bot.pcap.out 
@@ -1,10 +1,10 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] - detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] + new: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] + detected: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] RISK: Crawler/Bot - analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] + analyse: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.114| 0.014| 0.036| 1309.010| 2.200] [PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600] @@ -14,6 +14,6 @@ [IATS(ms)....: 0.4,106.5,0.0,106.7,7.6,0.1,0.1,0.1,0.0,0.0,0.8,0.0,0.0,0.0,114.2,0.3,105.4,0.1,0.0,0.0,0.1,0.0,0.0,0.0,0.2,0.0,0.1,0.0,0.8,0.1,0.5] [PKTLENS.....: 48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480] [ENTROPIES...: 4.7,4.8,4.7,5.6,4.7,6.4,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.1,4.7,4.6,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.4,5.9,7.9,5.5,4.9,4.7,4.7,5.1] - end: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] + end: [.....1][..77] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it] RISK: Crawler/Bot DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/cpha.pcap.out b/test/results/flow-info/default/cpha.pcap.out index 73db98c0b..4735e97a8 100644 --- a/test/results/flow-info/default/cpha.pcap.out +++ b/test/results/flow-info/default/cpha.pcap.out @@ -1,7 +1,7 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] - detected: [.....1] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun] - idle: [.....1] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun] + new: [.....1][..21] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] + detected: [.....1][..21] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun] + idle: [.....1][..21] [ip4][..udp] [........0.0.0.0][.8116] -> [.....172.21.3.0][.8116] [CPHA][Unknown][Network][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/false_positives.pcapng.out b/test/results/flow-info/default/false_positives.pcapng.out index d2a0dbfcd..6acef84eb 100644 --- a/test/results/flow-info/default/false_positives.pcapng.out +++ b/test/results/flow-info/default/false_positives.pcapng.out 
@@ -17,8 +17,8 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] ERROR-EVENT: Unknown packet type [16/16] - new: [.....1] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] - detected: [.....1] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable] + new: [.....1][.107] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] + detected: [.....1][.107] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable] DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] ERROR-EVENT: Unknown packet type [1/16] @@ -40,7 +40,7 @@ DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.12.156][37649] -> [..57.128.172.97][.9981] - idle: [.....1] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable] + idle: [.....1][.107] [ip4][..udp] [...10.126.70.67][23784] -> [...10.236.7.225][50160] [RTP][Unknown][Media][Acceptable] not-detected: [.....2] [ip4][..udp] [.192.168.12.156][37649] -> [..57.128.172.97][.9981] [Unknown][Unknown][Unrated] RISK: Susp Entropy idle: [.....2] [ip4][..udp] [.192.168.12.156][37649] -> [..57.128.172.97][.9981] diff --git a/test/results/flow-info/default/gquic_only_from_server.pcap.out b/test/results/flow-info/default/gquic_only_from_server.pcap.out index ba5a45e21..265b25042 100644 --- a/test/results/flow-info/default/gquic_only_from_server.pcap.out +++ b/test/results/flow-info/default/gquic_only_from_server.pcap.out 
@@ -1,7 +1,7 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] - detected: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable] - idle: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable] + new: [.....1][1508] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] + detected: [.....1][1508] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable] + idle: [.....1][1508] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/gre.pcapng.out b/test/results/flow-info/default/gre.pcapng.out index 86fe894a6..750268a11 100644 --- a/test/results/flow-info/default/gre.pcapng.out +++ b/test/results/flow-info/default/gre.pcapng.out @@ -1,7 +1,7 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] - detected: [.....1] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable] - idle: [.....1] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable] + new: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] + detected: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable] + idle: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/hsrp0.pcap.out b/test/results/flow-info/default/hsrp0.pcap.out index 90acfed7b..1b68fb9a5 100644 --- a/test/results/flow-info/default/hsrp0.pcap.out +++ b/test/results/flow-info/default/hsrp0.pcap.out 
@@ -1,16 +1,16 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] - detected: [.....1] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - new: [.....2] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] - detected: [.....2] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - new: [.....3] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] - detected: [.....3] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - new: [.....4] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] - detected: [.....4] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - idle: [.....3] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - idle: [.....2] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - idle: [.....4] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] - idle: [.....1] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + new: [.....1][..10] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] + detected: [.....1][..10] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + new: [.....2][..12] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] + detected: [.....2][..12] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + new: [.....3][..13] [ip4][..udp] 
[..10.28.171.253][.1985] -> [......224.0.0.2][.1985] + detected: [.....3][..13] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + new: [.....4][..10] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] + detected: [.....4][..10] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + idle: [.....3][..13] [ip4][..udp] [..10.28.171.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + idle: [.....2][..12] [ip4][..udp] [..10.28.170.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + idle: [.....4][..10] [ip4][..udp] [..10.28.168.252][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] + idle: [.....1][..10] [ip4][..udp] [..10.28.168.253][.1985] -> [......224.0.0.2][.1985] [HSRP][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/kerberos-error.pcap.out b/test/results/flow-info/default/kerberos-error.pcap.out index 6e874eb33..b2c0ded8c 100644 --- a/test/results/flow-info/default/kerberos-error.pcap.out +++ b/test/results/flow-info/default/kerberos-error.pcap.out 
@@ -1,7 +1,7 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] - detected: [.....1] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable] - idle: [.....1] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable] + new: [.....1][2008] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] + detected: [.....1][2008] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable] + idle: [.....1][2008] [ip4][..udp] [.148.151.79.183][34473] -> [.144.199.10.233][...88] [Kerberos][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mongodb.pcap.out b/test/results/flow-info/default/mongodb.pcap.out index 5324c968e..deace8da6 100644 --- a/test/results/flow-info/default/mongodb.pcap.out +++ b/test/results/flow-info/default/mongodb.pcap.out 
@@ -1,29 +1,40 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] - detected: [.....1] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable] + new: [.....1][.300] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] + new: [.....2][..50] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] + detected: [.....1][.300] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable] DAEMON-EVENT: [Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....2] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] - detected: [.....2] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable] - idle: [.....1] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....3][.300] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] + new: [.....4][..50] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] + detected: [.....3][.300] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable] + guessed: [.....2][..50] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] [MongoDB][Unknown][Database][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2][..50] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] + idle: [.....1][.300] [ip4][..tcp] [....10.10.10.10][51822] -> [....10.10.10.11][27017] 
[MongoDB][Unknown][Database][Acceptable] DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....3] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] - detected: [.....3] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable] - idle: [.....2] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable] + DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] + new: [.....5][.100] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] + detected: [.....5][.100] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable] + guessed: [.....4][..50] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable] + RISK: Unidirectional Traffic + idle: [.....4][..50] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] + idle: [.....3][.300] [ip4][..tcp] [....10.10.10.12][55582] -> [....10.10.10.13][27017] [MongoDB][Unknown][Database][Acceptable] DAEMON-EVENT: [Processed: 16 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....4] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] - detected: [.....4] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable] - idle: [.....3] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable] + DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0] + new: [.....6][.100] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] + detected: [.....6][.100] 
[ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable] + idle: [.....5][.100] [ip4][..tcp] [....10.10.10.14][61503] -> [....10.10.10.15][27017] [MongoDB][Unknown][Database][Acceptable] DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....5] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] - detected: [.....5] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable] + DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0] + new: [.....7][.300] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] + new: [.....8][..50] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] + detected: [.....7][.300] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable] RISK: Known Proto on Non Std Port - idle: [.....5] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable] + not-detected: [.....8][..50] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [Unknown][Unknown][Unrated] + idle: [.....8][..50] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] + idle: [.....7][.300] [ip4][..tcp] [....10.10.10.18][64566] -> [....10.10.10.19][30000] [MongoDB][Unknown][Database][Acceptable] RISK: Known Proto on Non Std Port - idle: [.....4] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable] + idle: [.....6][.100] [ip4][..tcp] [....10.10.10.16][51358] -> [....10.10.10.17][27017] [MongoDB][Unknown][Database][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mpegts.pcap.out b/test/results/flow-info/default/mpegts.pcap.out index f643c1fbe..c19ac7028 100644 
--- a/test/results/flow-info/default/mpegts.pcap.out +++ b/test/results/flow-info/default/mpegts.pcap.out @@ -1,7 +1,7 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] - detected: [.....1] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun] - idle: [.....1] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun] + new: [.....1][3359] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] + detected: [.....1][3359] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun] + idle: [.....1][3359] [ip4][..udp] [.....10.1.16.48][40737] -> [.230.200.201.23][.1234] [MPEG_TS][Unknown][Media][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mqtt.pcap.out b/test/results/flow-info/default/mqtt.pcap.out index d1ea983a1..ca174f61d 100644 --- a/test/results/flow-info/default/mqtt.pcap.out +++ b/test/results/flow-info/default/mqtt.pcap.out 
@@ -3,8 +3,8 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.10.10.1][.1883] -> [....192.168.0.1][41892] detected: [.....1] [ip4][..tcp] [.....10.10.10.1][.1883] -> [....192.168.0.1][41892] [MQTT][Unknown][RPC][Acceptable] - new: [.....2] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable] - idle: [.....2] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable] + new: [.....2][1008] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MIDSTREAM] + detected: [.....2][1008] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable] + idle: [.....2][1008] [ip4][..tcp] [..100.67.35.238][35035] -> [..51.137.28.239][.1883] [MQTT][Azure][RPC][Acceptable] idle: [.....1] [ip4][..tcp] [.....10.10.10.1][.1883] -> [....192.168.0.1][41892] [MQTT][Unknown][RPC][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/netbios.pcap.out b/test/results/flow-info/default/netbios.pcap.out index bde6001fd..293fe7188 100644 --- a/test/results/flow-info/default/netbios.pcap.out +++ b/test/results/flow-info/default/netbios.pcap.out 
@@ -60,8 +60,8 @@ update: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*] DAEMON-EVENT: [Processed: 260 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 15 / 15|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 5] - new: [....16] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [MIDSTREAM] - detected: [....16] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable][] + new: [....16][2308] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [MIDSTREAM] + detected: [....16][2308] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable][] idle: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] [NetBIOS][Unknown][System][Acceptable][gunnar] idle: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][gunnar] idle: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][ozi] @@ -78,7 +78,7 @@ RISK: Unsafe Protocol idle: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*] idle: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*] - idle: [....16] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable] + idle: [....16][2308] [ip4][..tcp] [...10.19.71.184][55489] -> [..10.17.113.129][..139] [NetBIOS][Unknown][System][Acceptable] guessed: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [NetBIOS][Unknown][System][Acceptable][] idle: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/rdp2.pcap.out b/test/results/flow-info/default/rdp2.pcap.out
index 708c10895..a3de605a1 100644
--- a/test/results/flow-info/default/rdp2.pcap.out
+++ b/test/results/flow-info/default/rdp2.pcap.out
@@ -6,18 +6,18 @@ RISK: Desktop/File Sharing DAEMON-EVENT: [Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] - detected: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + new: [.....2][1308] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] + detected: [.....2][1308] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: Desktop/File Sharing idle: [.....1] [ip4][..udp] [192.168.122.181][54759] -> [..192.168.122.2][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: Desktop/File Sharing DAEMON-EVENT: [Processed: 32 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] - detected: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + new: [.....3][1108] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] + detected: [.....3][1108] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: Desktop/File Sharing - idle: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + idle: [.....2][1308] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: Desktop/File Sharing - idle: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + idle: [.....3][1108] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: 
Desktop/File Sharing DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/rtp.pcapng.out b/test/results/flow-info/default/rtp.pcapng.out index b5b4ff7c4..0c3cb7c85 100644 --- a/test/results/flow-info/default/rtp.pcapng.out +++ b/test/results/flow-info/default/rtp.pcapng.out @@ -23,8 +23,8 @@ new: [.....3] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] detected: [.....3] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] [Discord][Unknown][Collaborative][Fun] idle: [.....2] [ip4][..tcp] [..172.16.168.24][40252] -> [..172.16.168.64][.5000] [RTP][Unknown][Media][Acceptable] - new: [.....4] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] - detected: [.....4] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable] + new: [.....4][1508] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] + detected: [.....4][1508] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable] idle: [.....3] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] [Discord][Unknown][Collaborative][Fun] - idle: [.....4] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable] + idle: [.....4][1508] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/smb_frags.pcap.out b/test/results/flow-info/default/smb_frags.pcap.out index c17116df7..3713e7898 100644 --- a/test/results/flow-info/default/smb_frags.pcap.out +++ b/test/results/flow-info/default/smb_frags.pcap.out 
@@ -1,9 +1,9 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] - detected: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous][] + new: [.....1][1608] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] + detected: [.....1][1608] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous][] RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol - end: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous] + end: [.....1][1608] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/snmp.pcap.out b/test/results/flow-info/default/snmp.pcap.out index cf0062bda..61eb2be77 100644 --- a/test/results/flow-info/default/snmp.pcap.out +++ b/test/results/flow-info/default/snmp.pcap.out 
@@ -69,20 +69,20 @@ update: [....13] [ip4][..udp] [.113.19.156.111][54318] -> [.135.201.124.55][..162] [SNMP][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 62 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 15|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 10] - new: [....16] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] - detected: [....16] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable] + new: [....16][.908] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] + detected: [....16][.908] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable] RISK: Error Code idle: [....12] [ip4][..udp] [.200.76.132.137][54318] -> [189.111.255.214][..162] [SNMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic idle: [....13] [ip4][..udp] [.113.19.156.111][54318] -> [.135.201.124.55][..162] [SNMP][Unknown][Network][Acceptable] idle: [....15] [ip4][..udp] [.124.53.196.176][54318] -> [..103.248.22.47][..162] [SNMP][Unknown][Network][Acceptable] idle: [....14] [ip4][..udp] [..205.83.36.228][54318] -> [.160.174.106.32][..162] [SNMP][Unknown][Network][Acceptable] - new: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] - detected: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable] - detection-update: [....17] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable] + new: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] + detected: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable] + detection-update: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable] RISK: Error Code - idle: [....17] [ip4][..udp] 
[.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable] + idle: [....17][1308] [ip4][..udp] [.....10.99.8.88][43242] -> [.10.100.253.146][..161] [SNMP][Unknown][Network][Acceptable] RISK: Error Code - idle: [....16] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable] + idle: [....16][.908] [ip4][..udp] [...10.231.2.134][..161] -> [....10.72.247.4][61088] [SNMP][Unknown][Network][Acceptable] RISK: Error Code DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/soap.pcap.out b/test/results/flow-info/default/soap.pcap.out index fa0eedb0c..4a974492b 100644 --- a/test/results/flow-info/default/soap.pcap.out +++ b/test/results/flow-info/default/soap.pcap.out @@ -7,9 +7,9 @@ RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] - detected: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] - idle: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] + new: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] + detected: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] + idle: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Cloud][Acceptable] RISK: Known Proto on Non Std Port guessed: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [HTTP][Unknown][Web][Acceptable][] 
diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out index 71db8e90f..bfc198108 100644 --- a/test/results/flow-info/default/stun.pcap.out +++ b/test/results/flow-info/default/stun.pcap.out @@ -1,8 +1,8 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] - detected: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + new: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] + detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] @@ -14,7 +14,7 @@ new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable] RISK: Susp Entropy - end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] DAEMON-EVENT: [Processed: 24 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] 
diff --git a/test/results/flow-info/default/syslog.pcap.out b/test/results/flow-info/default/syslog.pcap.out
index 84acf374d..e3f97f683 100644
--- a/test/results/flow-info/default/syslog.pcap.out
+++ b/test/results/flow-info/default/syslog.pcap.out
@@ -13,19 +13,19 @@ update: [.....2] [ip4][..udp] [..10.251.23.139][59194] -> [....62.39.3.142][..514] [Syslog][Unknown][System][Acceptable] DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] - new: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] - detected: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] + new: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] + detected: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] idle: [.....2] [ip4][..udp] [..10.251.23.139][59194] -> [....62.39.3.142][..514] [Syslog][Unknown][System][Acceptable] - update: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] - new: [.....4] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] - detected: [.....4] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] - update: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] + update: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] + new: [.....4][.121] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] + detected: [.....4][.121] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] + update: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] DAEMON-EVENT: [Processed: 23 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] new: [.....5] [ip4][...41] 
[..193.24.227.10] -> [..216.66.86.114] new: [.....6] [ip4][...41] [...216.66.80.30] -> [..193.24.227.12] - idle: [.....4] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] - idle: [.....3] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] + idle: [.....4][.121] [ip4][..udp] [..192.168.121.2][50352] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] + idle: [.....3][.121] [ip4][..udp] [.192.168.121.10][50080] -> [.192.168.120.10][..514] [Syslog][Unknown][System][Acceptable] DAEMON-EVENT: [Processed: 29 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] new: [.....7] [ip4][..udp] [..172.21.251.36][62679] -> [..172.19.196.11][..514] 
@@ -67,33 +67,37 @@ idle: [....13] [ip4][..udp] [..10.224.43.149][57166] -> [..172.23.243.89][..514] [Syslog][Unknown][System][Acceptable] idle: [....11] [ip4][..udp] [..10.22.179.215][57166] -> [...172.26.54.76][..514] [Syslog][Unknown][System][Acceptable] idle: [....12] [ip4][..udp] [.192.168.45.162][57166] -> [..10.208.120.95][..514] [Syslog][Unknown][System][Acceptable] - new: [....15] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] + new: [....15][1506] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] update: [....14] [ip4][..udp] [.172.26.229.190][..514] -> [..172.23.80.196][..514] [Syslog][Unknown][System][Acceptable] - detected: [....15] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable] - RISK: Known Proto on Non Std Port + new: [....16][1906] [ip4][..tcp] [..169.46.82.162][52173] -> [.10.186.117.194][49948] + detected: [....15][1506] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....14] [ip4][..udp] [.172.26.229.190][..514] -> [..172.23.80.196][..514] [Syslog][Unknown][System][Acceptable] - new: [....16] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] - detected: [....16] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable] + new: [....17] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] + detected: [....17] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable] DAEMON-EVENT: [Processed: 81 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 2 / 16|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10] - new: [....17] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] - detected: [....17] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] 
[Syslog][Unknown][System][Acceptable] - idle: [....16] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable] - end: [....15] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable] - RISK: Known Proto on Non Std Port + DAEMON-EVENT: [Flows][active: 3 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10] + new: [....18][.408] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] + detected: [....18][.408] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable] + idle: [....17] [ip4][..udp] [192.168.254.157][49611] -> [.196.240.66.148][..514] [Syslog][Unknown][System][Acceptable] + not-detected: [....16][1906] [ip4][..tcp] [..169.46.82.162][52173] -> [.10.186.117.194][49948] [Unknown][Unknown][Unrated] + RISK: Unidirectional Traffic + idle: [....16][1906] [ip4][..tcp] [..169.46.82.162][52173] -> [.10.186.117.194][49948] + end: [....15][1506] [ip4][..tcp] [.10.186.117.194][49948] -> [..169.46.82.162][52173] [Syslog][Unknown][System][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10] + DAEMON-EVENT: [Flows][active: 1 / 18|skipped: 0|!detected: 3|guessed: 0|detection-updates: 0|updates: 10] ERROR-EVENT: Unknown packet type [1/16] ERROR-EVENT: Unknown packet type [2/16] ERROR-EVENT: Unknown packet type [3/16] ERROR-EVENT: Unknown packet type [4/16] DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 17|skipped: 0|!detected: 2|guessed: 0|detection-updates: 0|updates: 10] - new: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] - detected: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] 
[Syslog][Unknown][System][Acceptable] - new: [....19] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] - detected: [....19] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable] - idle: [....19] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable] - idle: [....17] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable] - idle: [....18] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable] + DAEMON-EVENT: [Flows][active: 1 / 18|skipped: 0|!detected: 3|guessed: 0|detection-updates: 0|updates: 10] + new: [....19][2005] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] + detected: [....19][2005] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable] + new: [....20][2005] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] + detected: [....20][2005] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable] + idle: [....20][2005] [ip4][..udp] [....10.94.80.60][39438] -> [...10.94.150.22][..514] [Syslog][Unknown][System][Acceptable] + idle: [....18][.408] [ip4][..udp] [..10.11.105.154][20627] -> [.....10.6.15.11][..514] [Syslog][Unknown][System][Acceptable] + idle: [....19][2005] [ip4][..udp] [...10.94.232.21][57374] -> [...10.94.150.21][..514] [Syslog][Unknown][System][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ultrasurf.pcap.out b/test/results/flow-info/default/ultrasurf.pcap.out index 9d2351f75..cca0be479 100644 --- a/test/results/flow-info/default/ultrasurf.pcap.out +++ b/test/results/flow-info/default/ultrasurf.pcap.out 
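Review bot: The expected output for syslog.pcap now records one TCP conversation as two flows: `[....15][1506]` for 10.186.117.194:49948 -> 169.46.82.162:52173 and the new `[....16][1906]` for the reverse direction, which ends as `not-detected`. Flow 15 also gains `Unidirectional Traffic` and the `!detected` counter goes from 2 to 3, so the two directions apparently carry different outer VLAN tags and no longer match the same flow entry. If that is intended, it deserves a comment where the flow key is compared, for example `/* vlan_id is part of the flow key: directions tagged with different VLAN ids become separate flows */`, because consumers that alert on the risk field will see extra Unidirectional Traffic findings and lose the classification of the reverse direction on asymmetrically tagged captures. Otherwise the reverse-direction lookup would need to ignore the tag, which cannot be judged from this results file alone.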
@@ -1,9 +1,9 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] - analyse: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] + new: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [MIDSTREAM] + detected: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] + analyse: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.150| 0.021| 0.036| 1271.455| 3.600] [PKTLEN......: 80.000| 2628.000| 1348.500| 1007.200| 1014474.800| 4.500] 
@@ -13,12 +13,12 @@ [IATS(ms)....: 0.0,21.3,0.0,11.0,29.1,61.5,0.0,10.8,0.0,9.2,30.8,10.8,0.0,20.0,0.0,29.3,0.0,0.0,0.0,9.3,30.6,150.5,0.0,11.9,141.8,0.0,17.9,20.0,0.0,20.0,10.1] [PKTLENS.....: 2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628] [ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.9,5.5,5.4,7.9,7.9,7.9,5.5,7.9,7.9,7.8,7.9,5.5,5.3,5.4,5.4,7.8,5.5,7.8,7.9,7.9,5.5,5.5,7.9,7.9,7.9,7.9,7.9] - new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] - detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] + new: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] + detected: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] + detection-update: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] + analyse: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.271| 0.063| 0.099| 9897.855| 3.400] [PKTLEN......: 52.000| 1400.000| 349.300| 449.600| 202163.000| 4.000] 
@@ -28,12 +28,12 @@ [IATS(ms)....: 211.2,260.4,0.0,269.6,0.0,10.1,9.9,260.4,0.0,20.0,20.0,10.9,0.0,270.8,9.7,0.0,10.3,229.5,0.0,20.0,40.1,29.9,0.0,10.1,29.9,210.9,0.0,0.0,0.0,9.4,0.0] [PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113] [ENTROPIES...: 4.7,5.2,5.3,6.1,5.1,7.8,7.8,7.8,5.2,5.2,5.2,6.1,6.4,7.7,6.3,5.9,5.7,6.1,5.8,5.2,6.0,7.9,5.9,7.8,7.7,7.7,5.2,5.9,6.9,6.8,5.9,6.2] - new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] - detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] + new: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] + detected: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] + detection-update: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] + analyse: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.269| 0.059| 0.101| 10170.351| 3.100] [PKTLEN......: 52.000| 1400.000| 385.600| 479.700| 230117.000| 4.100] 
@@ -43,9 +43,9 @@ [IATS(ms)....: 209.5,239.7,0.0,251.1,0.0,11.4,0.0,260.7,0.0,9.6,20.0,20.0,269.1,20.0,0.0,231.0,0.0,20.0,0.0,0.0,0.0,0.0,0.0,249.6,0.0,0.0,0.0,0.0,10.1,0.0,0.0] [PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340] [ENTROPIES...: 4.7,5.2,5.0,6.1,5.2,7.8,7.9,7.9,5.2,5.2,5.1,6.0,7.4,6.0,5.8,6.3,5.1,5.7,7.9,7.4,7.8,7.6,7.1,7.0,5.1,5.9,6.1,6.8,6.9,5.9,6.8,7.9] - idle: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] - idle: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] + idle: [.....1][.200] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] + idle: [.....2][.200] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - idle: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] + idle: [.....3][.200] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/vxlan.pcap.out b/test/results/flow-info/default/vxlan.pcap.out index 21686884b..acb2e943a 100644 --- a/test/results/flow-info/default/vxlan.pcap.out +++ b/test/results/flow-info/default/vxlan.pcap.out 
@@ -1,25 +1,25 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] - detected: [.....1] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....2] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] - detected: [.....2] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....3] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] - detected: [.....3] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....4] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] - detected: [.....4] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] - detected: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] - detected: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] - detected: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] - detected: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - new: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] - detected: [.....9] [ip4][..udp] 
[...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - analyse: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....1][...5] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] + detected: [.....1][...5] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....2][...5] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] + detected: [.....2][...5] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....3][...5] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] + detected: [.....3][...5] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....4][...5] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] + detected: [.....4][...5] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....5][...5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] + detected: [.....5][...5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....6][...5] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] + detected: [.....6][...5] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] + detected: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] + detected: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + new: [.....9][...5] 
[ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] + detected: [.....9][...5] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + analyse: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.141| 0.010| 0.031| 963.930| 2.200] [PKTLEN......: 102.000| 1482.000| 1151.700| 546.600| 298767.600| 4.800] @@ -29,7 +29,7 @@ [IATS(ms)....: 10.5,1.4,0.1,0.0,11.4,0.5,9.5,113.3,10.6,140.6,0.1,0.1,3.1,0.2,0.6,0.2,1.3,0.2,1.3,3.6,0.2,0.4,0.2,2.3,0.2,0.3,0.2,0.8,0.2,0.7,0.2] [PKTLENS.....: 110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482] [ENTROPIES...: 5.6,5.7,7.8,7.9,7.6,5.6,7.1,5.6,7.6,5.6,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9] - analyse: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + analyse: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.151| 0.011| 0.030| 901.957| 2.500] [PKTLEN......: 102.000| 420.000| 125.100| 68.200| 4655.600| 4.800] 
@@ -39,13 +39,13 @@ [IATS(ms)....: 10.3,0.3,11.5,0.2,0.0,1.3,10.0,41.8,81.5,0.4,150.8,3.1,0.8,1.5,1.4,3.8,0.6,2.5,0.5,1.0,0.9,0.8,0.7,0.8,0.7,2.1,0.3,0.4,2.3,0.4,0.2] [PKTLENS.....: 110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102] [ENTROPIES...: 5.3,5.6,6.2,5.6,5.6,5.6,6.3,6.9,5.6,5.6,7.0,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.5,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.6,5.7] - idle: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....1] [ip4][..udp] [...192.168.22.4][60887] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....3] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....4] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] - idle: [.....2] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....5][...5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....6][...5] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....8][...5] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....1][...5] [ip4][..udp] [...192.168.22.4][60887] -> 
[...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....7][...5] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....3][...5] [ip4][..udp] [...192.168.22.4][49762] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....9][...5] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....4][...5] [ip4][..udp] [...192.168.22.5][60230] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] + idle: [.....2][...5] [ip4][..udp] [...192.168.22.5][43866] -> [...192.168.22.4][.4789] [VXLAN][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/whois.pcapng.out b/test/results/flow-info/default/whois.pcapng.out index 0da278786..4934d5388 100644 --- a/test/results/flow-info/default/whois.pcapng.out +++ b/test/results/flow-info/default/whois.pcapng.out 
@@ -5,18 +5,18 @@ detected: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Unknown][Network][Acceptable][example.com] DAEMON-EVENT: [Processed: 11 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] - detected: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][] + new: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] + detected: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - detection-update: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][] + detection-update: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch end: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Unknown][Network][Acceptable][example.com] DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] - new: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] - idle: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe] + new: [.....3][1908] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] + idle: [.....2][1603] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch - guessed: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> 
[..10.160.63.128][53217] [Whois-DAS][Unknown][Network][Acceptable][] + guessed: [.....3][1908] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] [Whois-DAS][Unknown][Network][Acceptable][] RISK: Unidirectional Traffic - end: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] + end: [.....3][1908] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/xiaomi.pcap.out b/test/results/flow-info/default/xiaomi.pcap.out index 2418d1698..9c77e99d9 100644 --- a/test/results/flow-info/default/xiaomi.pcap.out +++ b/test/results/flow-info/default/xiaomi.pcap.out @@ -1,8 +1,8 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable][] + new: [.....1][.208] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [MIDSTREAM] + detected: [.....1][.208] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable][] DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] 
@@ -11,7 +11,7 @@ new: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] detected: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] [Xiaomi][Unknown][Web][Acceptable][47.241.35.73] RISK: Susp Entropy - idle: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable] + idle: [.....1][.208] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Alibaba][Web][Acceptable] new: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] detected: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] [Xiaomi][Unknown][Web][Acceptable][47.241.59.87] RISK: Susp Entropy diff --git a/test/results/flow-info/disable_protocols/soap.pcap.out b/test/results/flow-info/disable_protocols/soap.pcap.out index fa0eedb0c..4a974492b 100644 --- a/test/results/flow-info/disable_protocols/soap.pcap.out +++ b/test/results/flow-info/disable_protocols/soap.pcap.out 
@@ -7,9 +7,9 @@ RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] - detected: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] - idle: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] + new: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] + detected: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] + idle: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Cloud][Acceptable] RISK: Known Proto on Non Std Port guessed: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [HTTP][Unknown][Web][Acceptable][] diff --git a/test/results/influxd/default/ajp.pcap.out b/test/results/influxd/default/ajp.pcap.out index 0b688b738..5762a5449 100644 --- a/test/results/influxd/default/ajp.pcap.out +++ b/test/results/influxd/default/ajp.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=43,json_bytes=24142,flow_src_total_bytes=2112,flow_dst_total_bytes=482 +general json_lines=43,json_bytes=24334,flow_src_total_bytes=2112,flow_dst_total_bytes=482 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=12,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=12,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/bfd.pcap.out b/test/results/influxd/default/bfd.pcap.out index 942298288..828f0d9ac 100644 --- a/test/results/influxd/default/bfd.pcap.out +++ b/test/results/influxd/default/bfd.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=26,json_bytes=18836,flow_src_total_bytes=192,flow_dst_total_bytes=0 +general json_lines=26,json_bytes=19135,flow_src_total_bytes=192,flow_dst_total_bytes=0 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/bot.pcap.out b/test/results/influxd/default/bot.pcap.out index 89bef4df9..74e5f2159 100644 --- a/test/results/influxd/default/bot.pcap.out +++ b/test/results/influxd/default/bot.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=12,json_bytes=10811,flow_src_total_bytes=316,flow_dst_total_bytes=406780 +general json_lines=12,json_bytes=10928,flow_src_total_bytes=316,flow_dst_total_bytes=406780 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/cpha.pcap.out b/test/results/influxd/default/cpha.pcap.out index abe474783..cdf8233ff 100644 --- a/test/results/influxd/default/cpha.pcap.out +++ b/test/results/influxd/default/cpha.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=7,json_bytes=5396,flow_src_total_bytes=50,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=5448,flow_src_total_bytes=50,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/false_positives.pcapng.out b/test/results/influxd/default/false_positives.pcapng.out index f45c5504b..c864f8442 100644 --- a/test/results/influxd/default/false_positives.pcapng.out +++ b/test/results/influxd/default/false_positives.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=85,json_bytes=43232,flow_src_total_bytes=3200,flow_dst_total_bytes=2168 +general json_lines=85,json_bytes=43344,flow_src_total_bytes=3200,flow_dst_total_bytes=2168 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=32,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/gquic_only_from_server.pcap.out b/test/results/influxd/default/gquic_only_from_server.pcap.out index 0903f2414..eccd155a3 100644 --- a/test/results/influxd/default/gquic_only_from_server.pcap.out +++ b/test/results/influxd/default/gquic_only_from_server.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=11,json_bytes=15064,flow_src_total_bytes=38360,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=15184,flow_src_total_bytes=38360,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/gre.pcapng.out b/test/results/influxd/default/gre.pcapng.out index d5c08edaa..e0858df42 100644 --- a/test/results/influxd/default/gre.pcapng.out +++ b/test/results/influxd/default/gre.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=7,json_bytes=5735,flow_src_total_bytes=346,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=5791,flow_src_total_bytes=346,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/hsrp0.pcap.out b/test/results/influxd/default/hsrp0.pcap.out index cc04d9822..e63984446 100644 --- a/test/results/influxd/default/hsrp0.pcap.out +++ b/test/results/influxd/default/hsrp0.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=19,json_bytes=15075,flow_src_total_bytes=80,flow_dst_total_bytes=0 +general json_lines=19,json_bytes=15283,flow_src_total_bytes=80,flow_dst_total_bytes=0 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/hsrp2_ipv6.pcapng.out b/test/results/influxd/default/hsrp2_ipv6.pcapng.out index d4f76f49c..c9fa63064 100644 --- a/test/results/influxd/default/hsrp2_ipv6.pcapng.out +++ b/test/results/influxd/default/hsrp2_ipv6.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=23,json_bytes=18600,flow_src_total_bytes=1998,flow_dst_total_bytes=0 +general json_lines=23,json_bytes=18860,flow_src_total_bytes=1998,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=4,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/kerberos-error.pcap.out b/test/results/influxd/default/kerberos-error.pcap.out index 871c4200e..e0280c756 100644 --- a/test/results/influxd/default/kerberos-error.pcap.out +++ b/test/results/influxd/default/kerberos-error.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=8,json_bytes=6601,flow_src_total_bytes=287,flow_dst_total_bytes=102 +general json_lines=8,json_bytes=6676,flow_src_total_bytes=287,flow_dst_total_bytes=102 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/mongodb.pcap.out b/test/results/influxd/default/mongodb.pcap.out index b0c98f7a1..0a70dd87c 100644 --- a/test/results/influxd/default/mongodb.pcap.out +++ b/test/results/influxd/default/mongodb.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=45,json_bytes=32644,flow_src_total_bytes=706,flow_dst_total_bytes=0 -events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=23,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=5 +general json_lines=58,json_bytes=43814,flow_src_total_bytes=706,flow_dst_total_bytes=0 +events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=3,flow_state_finished=5 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=5,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity 
flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=5,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=5,flow_detected_count=5,flow_guessed_count=0,flow_not_detected_count=0 +layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=8,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=8,flow_detected_count=5,flow_guessed_count=2,flow_not_detected_count=1 risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0 
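Review bot: This expected output no longer describes the same set of flows: `flow_new_count` goes from 5 to 8 and `packet_flow_count` from 23 to 27, while `flow_detected_count` stays at 5 and the three additional flows end up as `flow_guessed_count=2` and `flow_not_detected_count=1`. Presumably packets of one connection in mongodb.pcap carry different (or no) 802.1Q tags and are now tracked as separate flows because the VLAN id takes part in flow matching; that should be confirmed against the capture rather than accepted as a regenerated fixture. On a sensor fed from a mirror port that tags only one direction, the same split would turn classified flows into guessed or undetected ones, so the behaviour should be documented where the flow key is compared, e.g. `/* vlan_id is part of the flow key: one 5-tuple seen with different tags yields separate flows */`.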
diff --git a/test/results/influxd/default/mpegts.pcap.out b/test/results/influxd/default/mpegts.pcap.out index 600926fd9..a655a0bdd 100644 --- a/test/results/influxd/default/mpegts.pcap.out +++ b/test/results/influxd/default/mpegts.pcap.out @@ -1,4 +1,4 @@ -general json_lines=7,json_bytes=7667,flow_src_total_bytes=1316,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=7727,flow_src_total_bytes=1316,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/mqtt.pcap.out b/test/results/influxd/default/mqtt.pcap.out index fdf7af2d3..d19e9c65a 100644 --- a/test/results/influxd/default/mqtt.pcap.out +++ b/test/results/influxd/default/mqtt.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=15,json_bytes=11366,flow_src_total_bytes=383,flow_dst_total_bytes=492 +general json_lines=15,json_bytes=11426,flow_src_total_bytes=383,flow_dst_total_bytes=492 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/netbios.pcap.out b/test/results/influxd/default/netbios.pcap.out index 90a925923..b17a24c7e 100644 --- a/test/results/influxd/default/netbios.pcap.out +++ b/test/results/influxd/default/netbios.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=90,json_bytes=75772,flow_src_total_bytes=13099,flow_dst_total_bytes=700 +general json_lines=90,json_bytes=75832,flow_src_total_bytes=13099,flow_dst_total_bytes=700 events flow_new_count=16,flow_end_count=0,flow_idle_count=16,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=15,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=15 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/rdp2.pcap.out b/test/results/influxd/default/rdp2.pcap.out index 114bf74e1..338af389e 100644 --- a/test/results/influxd/default/rdp2.pcap.out +++ b/test/results/influxd/default/rdp2.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=29,json_bytes=30187,flow_src_total_bytes=5097,flow_dst_total_bytes=4480 +general json_lines=29,json_bytes=30427,flow_src_total_bytes=5097,flow_dst_total_bytes=4480 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/rtp.pcapng.out b/test/results/influxd/default/rtp.pcapng.out index 353365f6a..b15b74364 100644 --- a/test/results/influxd/default/rtp.pcapng.out +++ b/test/results/influxd/default/rtp.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=38,json_bytes=38452,flow_src_total_bytes=40240,flow_dst_total_bytes=13839 +general json_lines=38,json_bytes=38572,flow_src_total_bytes=40240,flow_dst_total_bytes=13839 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/smb_frags.pcap.out b/test/results/influxd/default/smb_frags.pcap.out index cbccc2277..128e7e731 100644 --- a/test/results/influxd/default/smb_frags.pcap.out +++ b/test/results/influxd/default/smb_frags.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=11,json_bytes=10637,flow_src_total_bytes=1651,flow_dst_total_bytes=536 +general json_lines=11,json_bytes=10757,flow_src_total_bytes=1651,flow_dst_total_bytes=536 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/smtp-starttls.pcap.out b/test/results/influxd/default/smtp-starttls.pcap.out index 9d9757e92..03db8d3f8 100644 --- a/test/results/influxd/default/smtp-starttls.pcap.out +++ b/test/results/influxd/default/smtp-starttls.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=28,json_bytes=26890,flow_src_total_bytes=3118,flow_dst_total_bytes=6724 +general json_lines=28,json_bytes=27044,flow_src_total_bytes=3118,flow_dst_total_bytes=6724 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/snmp.pcap.out b/test/results/influxd/default/snmp.pcap.out index de4d9b1ae..4453857d4 100644 --- a/test/results/influxd/default/snmp.pcap.out +++ b/test/results/influxd/default/snmp.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=139,json_bytes=116348,flow_src_total_bytes=7241,flow_dst_total_bytes=4130 +general json_lines=139,json_bytes=116581,flow_src_total_bytes=7241,flow_dst_total_bytes=4130 events flow_new_count=17,flow_end_count=0,flow_idle_count=17,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=15 breed flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/soap.pcap.out b/test/results/influxd/default/soap.pcap.out index 995bb36be..c9ff3bab3 100644 --- a/test/results/influxd/default/soap.pcap.out +++ b/test/results/influxd/default/soap.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=24,json_bytes=28051,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 +general json_lines=24,json_bytes=28163,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/stun.pcap.out b/test/results/influxd/default/stun.pcap.out index 4846d2f2c..b5402a6cc 100644 --- a/test/results/influxd/default/stun.pcap.out +++ b/test/results/influxd/default/stun.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=92,json_bytes=81449,flow_src_total_bytes=9664,flow_dst_total_bytes=9072 +general json_lines=92,json_bytes=81569,flow_src_total_bytes=9664,flow_dst_total_bytes=9072 events flow_new_count=9,flow_end_count=1,flow_idle_count=8,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=11,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=38,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/syslog.pcap.out b/test/results/influxd/default/syslog.pcap.out index 5828292c1..fa3eaf1d3 100644 --- a/test/results/influxd/default/syslog.pcap.out +++ b/test/results/influxd/default/syslog.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=148,json_bytes=122339,flow_src_total_bytes=13199,flow_dst_total_bytes=0 -events flow_new_count=19,flow_end_count=1,flow_idle_count=18,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=1,packet_count=6,packet_flow_count=57,init_count=1,reconnect_count=0,shutdown_count=1,status_count=10,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=2,flow_state_finished=17 +general json_lines=152,json_bytes=126316,flow_src_total_bytes=13199,flow_dst_total_bytes=0 +events flow_new_count=20,flow_end_count=1,flow_idle_count=19,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=3,flow_risky_count=1,packet_count=6,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=10,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=3,flow_state_finished=17 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=17,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=17,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity 
flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=19,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=16,flow_l4_icmp_count=0,flow_l4_other_count=2 -detection flow_active_count=19,flow_detected_count=17,flow_guessed_count=0,flow_not_detected_count=2 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0 +severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=20,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=2,flow_l4_udp_count=16,flow_l4_icmp_count=0,flow_l4_other_count=2 +detection 
flow_active_count=20,flow_detected_count=17,flow_guessed_count=0,flow_not_detected_count=3 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0 diff --git a/test/results/influxd/default/ultrasurf.pcap.out b/test/results/influxd/default/ultrasurf.pcap.out index c81f7053d..c7bca91b3 100644 --- a/test/results/influxd/default/ultrasurf.pcap.out +++ b/test/results/influxd/default/ultrasurf.pcap.out 
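Review bot: The regenerated expectation for syslog.pcap changes more than `json_bytes`: `flow_new_count` goes from 19 to 20, `flow_l4_tcp_count` from 1 to 2, `flow_not_detected_count` from 2 to 3, and `flow_severity_low` and `flow_risk_46_count` from 0 to 1. This is presumably because `vlan_id` is now compared in `ndpi_workflow_node_cmp`, so packets with the same addresses and ports but a different outer 802.1Q tag (or none) are tracked as separate flows; please confirm against the capture. The commit message mentions only dissection, so I would add a line such as `vlan_id is now part of the flow key; identical 5-tuples on different VLANs become separate flows`. Consumers that alert on per-flow counts, risks, or not-detected flows will see different numbers for the same traffic after this change.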
@@ -1,4 +1,4 @@ -general json_lines=32,json_bytes=46591,flow_src_total_bytes=139720,flow_dst_total_bytes=62485 +general json_lines=32,json_bytes=46997,flow_src_total_bytes=139720,flow_dst_total_bytes=62485 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=2,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/vrrp3.pcapng.out b/test/results/influxd/default/vrrp3.pcapng.out index 396f82c1a..390c3f27b 100644 --- a/test/results/influxd/default/vrrp3.pcapng.out +++ b/test/results/influxd/default/vrrp3.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=15,json_bytes=10760,flow_src_total_bytes=240,flow_dst_total_bytes=0 +general json_lines=15,json_bytes=10916,flow_src_total_bytes=240,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/vxlan.pcap.out b/test/results/influxd/default/vxlan.pcap.out index 391c63878..84b275c72 100644 --- a/test/results/influxd/default/vxlan.pcap.out +++ b/test/results/influxd/default/vxlan.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=63,json_bytes=60023,flow_src_total_bytes=79480,flow_dst_total_bytes=0 +general json_lines=63,json_bytes=60743,flow_src_total_bytes=79480,flow_dst_total_bytes=0 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/whois.pcapng.out b/test/results/influxd/default/whois.pcapng.out index 04ec8264a..c05765b18 100644 --- a/test/results/influxd/default/whois.pcapng.out +++ b/test/results/influxd/default/whois.pcapng.out 
@@ -1,4 +1,4 @@ -general json_lines=30,json_bytes=27204,flow_src_total_bytes=3467,flow_dst_total_bytes=1453 +general json_lines=30,json_bytes=27459,flow_src_total_bytes=3467,flow_dst_total_bytes=1453 events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/default/xiaomi.pcap.out b/test/results/influxd/default/xiaomi.pcap.out index 0101a4dad..50733afa2 100644 --- a/test/results/influxd/default/xiaomi.pcap.out +++ b/test/results/influxd/default/xiaomi.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=58,json_bytes=49753,flow_src_total_bytes=3913,flow_dst_total_bytes=4078 +general json_lines=58,json_bytes=49809,flow_src_total_bytes=3913,flow_dst_total_bytes=4078 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/influxd/disable_protocols/soap.pcap.out b/test/results/influxd/disable_protocols/soap.pcap.out index 274976fad..ca95bd228 100644 --- a/test/results/influxd/disable_protocols/soap.pcap.out +++ b/test/results/influxd/disable_protocols/soap.pcap.out 
@@ -1,4 +1,4 @@ -general json_lines=24,json_bytes=28291,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 +general json_lines=24,json_bytes=28403,flow_src_total_bytes=8109,flow_dst_total_bytes=1637 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 diff --git a/test/results/stats/default/ajp.pcap.out b/test/results/stats/default/ajp.pcap.out index 7261aed63..9b6220f42 100644 --- a/test/results/stats/default/ajp.pcap.out +++ b/test/results/stats/default/ajp.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:43 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24142 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24334 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/bfd.pcap.out b/test/results/stats/default/bfd.pcap.out index 836512089..910dc657f 100644 --- a/test/results/stats/default/bfd.pcap.out +++ b/test/results/stats/default/bfd.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:26 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18836 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19135 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/bot.pcap.out b/test/results/stats/default/bot.pcap.out index a08cececf..a2b231385 100644 --- a/test/results/stats/default/bot.pcap.out +++ b/test/results/stats/default/bot.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10811 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10928 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 diff --git a/test/results/stats/default/cpha.pcap.out b/test/results/stats/default/cpha.pcap.out index 02b2897a2..44dccaa7c 100644 --- a/test/results/stats/default/cpha.pcap.out 
+++ b/test/results/stats/default/cpha.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5396 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5448 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/false_positives.pcapng.out b/test/results/stats/default/false_positives.pcapng.out index e14f3e634..4c499632e 100644 --- a/test/results/stats/default/false_positives.pcapng.out +++ b/test/results/stats/default/false_positives.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:85 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43232 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43344 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/gquic_only_from_server.pcap.out b/test/results/stats/default/gquic_only_from_server.pcap.out index 9dde15708..a637670ee 100644 --- a/test/results/stats/default/gquic_only_from_server.pcap.out +++ b/test/results/stats/default/gquic_only_from_server.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15064 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15184 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
diff --git a/test/results/stats/default/gre.pcapng.out b/test/results/stats/default/gre.pcapng.out index 0e92806b0..9f292296e 100644 --- a/test/results/stats/default/gre.pcapng.out +++ b/test/results/stats/default/gre.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5735 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5791 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/hsrp0.pcap.out b/test/results/stats/default/hsrp0.pcap.out index 7c3602c80..8e2fd97d2 100644 --- a/test/results/stats/default/hsrp0.pcap.out +++ b/test/results/stats/default/hsrp0.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15075 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15283 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/hsrp2_ipv6.pcapng.out b/test/results/stats/default/hsrp2_ipv6.pcapng.out index d714461e3..39c408c0d 100644 --- a/test/results/stats/default/hsrp2_ipv6.pcapng.out +++ b/test/results/stats/default/hsrp2_ipv6.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18600 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18860 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/kerberos-error.pcap.out b/test/results/stats/default/kerberos-error.pcap.out index 01097c80d..1c2053d1e 100644 --- a/test/results/stats/default/kerberos-error.pcap.out +++ b/test/results/stats/default/kerberos-error.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6601 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6676 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/mongodb.pcap.out b/test/results/stats/default/mongodb.pcap.out index 93fa088c3..06fb22ad9 100644 --- a/test/results/stats/default/mongodb.pcap.out +++ b/test/results/stats/default/mongodb.pcap.out 
@@ -1,19 +1,19 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:45 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32644 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:58 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43814 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:706 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:23 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:27 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 
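Review bot: The expected counters in this hunk change in more than size: `flow_new_count` goes 5→8 while `flow_detected_count` stays 5, the added flows land in `flow_guessed_count` (2) and `flow_not_detected_count` (1), and `flow_src_total_bytes` is unchanged at 706. That pattern suggests (inferred from the fixture, not confirmed against the pcap) that adding `vlan_id` to the flow key in `ndpi_workflow_node_cmp` now splits traffic of one 5-tuple into several flows when the outer tag differs or is absent on some packets, and that the split-off parts are not classified. syslog.pcap.out shows the same shift (`flow_new_count` 19→20, `flow_not_detected_count` 2→3, `flow_risk_46_count` 0→1). For a monitoring sensor this is a visibility change worth stating, so I would document it next to the comparison, e.g. `/* vlan_id is part of the flow key: the same 5-tuple with a different or absent outer 802.1Q tag is tracked as a separate flow */`, and confirm that both captures really carry distinct tags.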
@@ -101,18 +101,18 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 diff --git a/test/results/stats/default/mpegts.pcap.out b/test/results/stats/default/mpegts.pcap.out index feaa1861c..b218c3a8d 100644 
--- a/test/results/stats/default/mpegts.pcap.out +++ b/test/results/stats/default/mpegts.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7667 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7727 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/mqtt.pcap.out b/test/results/stats/default/mqtt.pcap.out index 20388be46..b1c7d7246 100644 --- a/test/results/stats/default/mqtt.pcap.out +++ b/test/results/stats/default/mqtt.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11366 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11426 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/netbios.pcap.out b/test/results/stats/default/netbios.pcap.out index 51adea2c7..59f57fe7d 100644 --- a/test/results/stats/default/netbios.pcap.out +++ b/test/results/stats/default/netbios.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:90 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75772 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75832 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:16 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:16 
diff --git a/test/results/stats/default/rdp2.pcap.out b/test/results/stats/default/rdp2.pcap.out index 11ebf3bd7..cb2695d14 100644 --- a/test/results/stats/default/rdp2.pcap.out +++ b/test/results/stats/default/rdp2.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30187 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30427 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/rtp.pcapng.out b/test/results/stats/default/rtp.pcapng.out index 918f04853..dee0bd4b7 100644 --- a/test/results/stats/default/rtp.pcapng.out +++ b/test/results/stats/default/rtp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38452 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38572 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 diff --git a/test/results/stats/default/smb_frags.pcap.out b/test/results/stats/default/smb_frags.pcap.out index 602a67ddc..1fe89477c 100644 --- a/test/results/stats/default/smb_frags.pcap.out +++ b/test/results/stats/default/smb_frags.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10637 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10757 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 diff --git a/test/results/stats/default/smtp-starttls.pcap.out b/test/results/stats/default/smtp-starttls.pcap.out index 35d0822fa..8169a16ed 100644 --- a/test/results/stats/default/smtp-starttls.pcap.out +++ b/test/results/stats/default/smtp-starttls.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26890 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27044 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 diff --git a/test/results/stats/default/snmp.pcap.out b/test/results/stats/default/snmp.pcap.out index d4ff4b263..68b8a376f 100644 --- a/test/results/stats/default/snmp.pcap.out +++ b/test/results/stats/default/snmp.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:139 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:116348 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:116581 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:17 diff --git a/test/results/stats/default/soap.pcap.out b/test/results/stats/default/soap.pcap.out index bac513baa..48d4da549 100644 
--- a/test/results/stats/default/soap.pcap.out +++ b/test/results/stats/default/soap.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28051 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28163 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/stun.pcap.out b/test/results/stats/default/stun.pcap.out index ead0cbaef..bd791e7f1 100644 --- a/test/results/stats/default/stun.pcap.out +++ b/test/results/stats/default/stun.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:92 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:81449 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:81569 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8 diff --git a/test/results/stats/default/syslog.pcap.out b/test/results/stats/default/syslog.pcap.out index 2073415f2..d6aaf59b5 100644 --- a/test/results/stats/default/syslog.pcap.out +++ b/test/results/stats/default/syslog.pcap.out 
@@ -1,19 +1,19 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:148 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:122339 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:152 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:126316 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:13199 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:57 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 
@@ -94,25 +94,25 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:16 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 
N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 @@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 diff --git a/test/results/stats/default/ultrasurf.pcap.out b/test/results/stats/default/ultrasurf.pcap.out index d1216bede..a0853622a 100644 --- a/test/results/stats/default/ultrasurf.pcap.out +++ b/test/results/stats/default/ultrasurf.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:32 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46591 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46997 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 diff --git a/test/results/stats/default/vrrp3.pcapng.out b/test/results/stats/default/vrrp3.pcapng.out index ab862f8c3..46fb08239 100644 --- a/test/results/stats/default/vrrp3.pcapng.out 
+++ b/test/results/stats/default/vrrp3.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10760 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10916 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/vxlan.pcap.out b/test/results/stats/default/vxlan.pcap.out index 1445ca095..d4203d2ef 100644 --- a/test/results/stats/default/vxlan.pcap.out +++ b/test/results/stats/default/vxlan.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:63 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60023 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60743 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9 diff --git a/test/results/stats/default/whois.pcapng.out b/test/results/stats/default/whois.pcapng.out index cd8be01bb..7aaa0c2da 100644 --- a/test/results/stats/default/whois.pcapng.out +++ b/test/results/stats/default/whois.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27204 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27459 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/xiaomi.pcap.out b/test/results/stats/default/xiaomi.pcap.out index 63c1ef3fd..15020fc22 100644 
--- a/test/results/stats/default/xiaomi.pcap.out +++ b/test/results/stats/default/xiaomi.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:58 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49753 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49809 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 diff --git a/test/results/stats/disable_protocols/soap.pcap.out b/test/results/stats/disable_protocols/soap.pcap.out index 76464cf8f..df99bc180 100644 --- a/test/results/stats/disable_protocols/soap.pcap.out +++ b/test/results/stats/disable_protocols/soap.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28291 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28403 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 |