summaryrefslogtreecommitdiff
path: root/test/results/default/line.pcap.out
diff options
context:
space:
mode:
authorlns <matzeton@googlemail.com>2023-05-26 11:17:38 +0200
committerlns <matzeton@googlemail.com>2023-05-26 11:17:38 +0200
commit8a936a507271b727f7b0907a20fbddbe85bb725e (patch)
treefc5d940c747ea965884e60275eafda32ae5823b5 /test/results/default/line.pcap.out
parentc9514136b7c4246a57b85474d1a8e376a9009d4a (diff)
Fixed integer overflow for tcp timeout (>INT_MAX).
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/line.pcap.out')
-rw-r--r--test/results/default/line.pcap.out42
1 files changed, 21 insertions, 21 deletions
diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out
index bb35e239a..569be33f1 100644
--- a/test/results/default/line.pcap.out
+++ b/test/results/default/line.pcap.out
@@ -1,4 +1,4 @@
-00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":608455689}
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608455689,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak4AAIARRmgKAAIPfdH80saTUIIDcGeR22QAuQYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxpqxcwsrZxwhx1xKWqCFVz8ThMLekrlMqzL884f90GP2NtK7Ce8hzDQNrwRj9rBBTjTz8s6H2gTPjSg0VDLz20S\/lg6tSMQGiPk18OAgr8Cvvp\/hozCjTC4rWGtBZMNzWhsdRZ0vEFqySrtoCKzbjIs8sYLfeI\/Srmdhg38hXlV6rP9b8ENgYDmhrGulF6otA0UNGy35B4kYdo\/MhPSqQjQ8pcsGIy70IR4UFuSLysmmi75oS+WVNM3dgKIvi143xwOy7qgdOdPV5c+gyBB3mtuSgX0e6xOZRh+2kBmE1\/y0Gdj0dNsXH1vof4pPU4HsRVsS0JvYE0U4YlCdanTAcZNPEnmP1noc5qyuh3us6i5xZtmZnUx0T0dXCf0c9mjorZc3Lgg0l497C2CPwMYdagIqBvgEBhiD2cLJ1VerQb93JW2WKPOLzzLgg0\/tyC748UEXnP1gVpyk34Qd6ThuEIyp\/P3Utszr2wDnYN9cXknXxovlsHtIUI308PKUR7uibVl6bPutV6morvNcIbC58Fk8I1neHuYJPbML1G3OCQjgPc+UH2RxL9dDmY3xJLGPaDlORHwLn0Y9UQRY8Lhk7amd4Z88RICqBguRbixN34f9ZzfQZMdoKSWIV7icBWCmxX4crcCBO1D2278Obn+4x7poeFXGeVaVtHFvQ6rkr5dyofRWaIN1msakDrm5L5U8AF0mUYN0+12kJO8yLievpdn6xzNd4bKeYsb3C1FFeKFwSAPzqOUDv9aT+WW4SKHyylw0pdUVK4cuveXzIF5ZRqBwY2i+cjXDSGbNnaKBH2ErXqKoIrNiwz6KvRlsA2pt5TBITtHSGuD8PCKzt2UbnDxqzPIw8XsLbhafMorn0W89jxSC0Q8Vcy5wNKz19TflD1049Gv1NMbjNbekdfzuC5B7dQh0znvHrAE2PGpwN4BiBtJYQuHSvS+0685SuSAtdMbRHQMsckK4xIqoTfFa8AuUNh26FRzuRQPpkBBXrr2KepLiEo\/cCleIvjlciTpS1Gl7qHYI81WnNc9aJzRlAfia2MhNrGqry00clXMkM3NxH01kLKkBz0CIEQ="}
@@ -9,24 +9,24 @@
00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":608455689,"flow_src_last_pkt_time":609571614,"flow_dst_last_pkt_time":609598428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2261,"flow_dst_tot_l4_payload_len":1420,"midstream":0,"thread_ts_usec":609598428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371}
-00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"}
-01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333003014,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333003014,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333003014,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663913333003014,"pkt":"iJCNB9vohKk4ukxYCABFAAA06jFAAIAGAAAKyAN9k1zy6OMwAbtw6B01AAAAAIAC+vCUsAAAAgQFtAEDAwgBAQQC"}
-00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333054976,"pkt":"hKk4ukxYwurksClYCABFAAAoCbxAADEG+LCTXKXCCsgDfQG74fGkw1RXXSKte1AQJV5brQAAAAAAAAAA"}
-00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1663913333055082,"pkt":"iJCNB9vohKk4ukxYCABFAACGhRBAAIAGAAAKyAN9k1ylwuHxAbtdIq17pMNUV1AYBAFH3AAAFwMDAFkJDcRIAPsaOp6NKygBqLcxvAFoFYteZ9YbgX7H2lwkmBtvafz9xNjB4mJ2pbcySwaLuN6+ULfX0U5kuShpGqWTkiHitpHcOpN6wxdON5eCuFRLQmdwS7NJJA=="}
-00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333089410,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333089410,"pkt":"hKk4ukxYwurksClYCABFAAAoCb1AADEG+K+TXKXCCsgDfQG74fGkw1RXXSKt2VAQJV5bTwAAAAAAAAAA"}
-00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333160571,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"thread_ts_usec":1663913333160571,"pkt":"hKk4ukxYwurksClYCABFAACSCb5AADEG+ESTXKXCCsgDfQG74fGkw1RXXSKt2VAYJV73yQAAFwMDAGVpQgfoxWLrvBHqf+OHhpVDh3Xog4UQ4PIL6h3cjGyJvN9jRmMQ2v5niUoLLr8NhRFgbxlnXHalp1A9B5NQVDlA44SyvYja8FbWD0mA+GmL5k7wySr7fQguu0LEE8qEV5+oHONnwg=="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663913333240356,"pkt":"hKk4ukxYwurksClYCABFAAA0AABAACoGvDqTXPLoCsgDfQG74zCmOsdicOgdNoASchCH0wAAAgQFoAEBBAIBAwMH"}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1663913333240619,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1663913333240619,"pkt":"iJCNB9vohKk4ukxYCABFAAAo6jJAAIAGAAAKyAN9k1zy6OMwAbtw6B02pjrHY1AQBAWUpAAA"}
-01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1663913333241633,"pkt":"iJCNB9vohKk4ukxYCABFAAIt6jNAAIAGAAAKyAN9k1zy6OMwAbtw6B02pjrHY1AYBAWWqQAAFgMBAgABAAH8AwOHxdSm8pDYiM262rsRrsVb3S2iAZUBdDGbyJja2Pz91SAsDdaBHWvKVYoWhZs2v6Jo59j43AlMNwj4yrxB+w0qlwBcEwITAxMBwCzAMMArwC8AowCfAKIAnsCvwK3AJMAowArAFMCjwJ8AawBqADkAOMCuwKzAI8AnwAnAE8CiwJ4AZwBAADMAMgCdAJzAocCdwKDAnAA9ADwANQAvAP8BAAFXAAAAHAAaAAAXdXRzLWZyb250LmxpbmUtYXBwcy5jb20ACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsABwYDBAMDAwIALQACAQEAMwAmACQAHQAghk0AnRWAgnsc9r0fj+Be4pubOuIc94egHfE50H0TnGUAFQCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333241633,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1"}}}
-00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333480027,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333480027,"pkt":"hKk4ukxYwurksClYCABFAAAoWBhAACoGZC6TXPLoCsgDfQG74zCmOsdjcOgfO1AQAO03sAAAAAAAAAAA"}
-01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1"}}}
-01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96"}}}
-02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-02329{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913342823022,"flow_dst_last_pkt_time":1663913342822836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4192,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":633542.9,"max":7306445,"stddev":1725177.1,"var":2976235913216.0,"ent":2.7,"data": [237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727]},"pktlen": {"min":40,"avg":272.5,"max":1500,"stddev":367.3,"var":134881.6,"ent":4.1,"data": [52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0],"entropies": [4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"}
+01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333003014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333003014,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333003014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663913333003014,"pkt":"iJCNB9vohKk4ukxYCABFAAA06jFAAIAGAAAKyAN9k1zy6OMwAbtw6B01AAAAAIAC+vCUsAAAAgQFtAEDAwgBAQQC"}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333054976,"pkt":"hKk4ukxYwurksClYCABFAAAoCbxAADEG+LCTXKXCCsgDfQG74fGkw1RXXSKte1AQJV5brQAAAAAAAAAA"}
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333054976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1663913333055082,"pkt":"iJCNB9vohKk4ukxYCABFAACGhRBAAIAGAAAKyAN9k1ylwuHxAbtdIq17pMNUV1AYBAFH3AAAFwMDAFkJDcRIAPsaOp6NKygBqLcxvAFoFYteZ9YbgX7H2lwkmBtvafz9xNjB4mJ2pbcySwaLuN6+ULfX0U5kuShpGqWTkiHitpHcOpN6wxdON5eCuFRLQmdwS7NJJA=="}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333089410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333089410,"pkt":"hKk4ukxYwurksClYCABFAAAoCb1AADEG+K+TXKXCCsgDfQG74fGkw1RXXSKt2VAQJV5bTwAAAAAAAAAA"}
+00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333055082,"flow_dst_last_pkt_time":1663913333160571,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"thread_ts_usec":1663913333160571,"pkt":"hKk4ukxYwurksClYCABFAACSCb5AADEG+ESTXKXCCsgDfQG74fGkw1RXXSKt2VAYJV73yQAAFwMDAGVpQgfoxWLrvBHqf+OHhpVDh3Xog4UQ4PIL6h3cjGyJvN9jRmMQ2v5niUoLLr8NhRFgbxlnXHalp1A9B5NQVDlA44SyvYja8FbWD0mA+GmL5k7wySr7fQguu0LEE8qEV5+oHONnwg=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663913333240356,"pkt":"hKk4ukxYwurksClYCABFAAA0AABAACoGvDqTXPLoCsgDfQG74zCmOsdicOgdNoASchCH0wAAAgQFoAEBBAIBAwMH"}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1663913333240619,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1663913333240619,"pkt":"iJCNB9vohKk4ukxYCABFAAAo6jJAAIAGAAAKyAN9k1zy6OMwAbtw6B02pjrHY1AQBAWUpAAA"}
+01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1663913333241633,"pkt":"iJCNB9vohKk4ukxYCABFAAIt6jNAAIAGAAAKyAN9k1zy6OMwAbtw6B02pjrHY1AYBAWWqQAAFgMBAgABAAH8AwOHxdSm8pDYiM262rsRrsVb3S2iAZUBdDGbyJja2Pz91SAsDdaBHWvKVYoWhZs2v6Jo59j43AlMNwj4yrxB+w0qlwBcEwITAxMBwCzAMMArwC8AowCfAKIAnsCvwK3AJMAowArAFMCjwJ8AawBqADkAOMCuwKzAI8AnwAnAE8CiwJ4AZwBAADMAMgCdAJzAocCdwKDAnAA9ADwANQAvAP8BAAFXAAAAHAAaAAAXdXRzLWZyb250LmxpbmUtYXBwcy5jb20ACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsABwYDBAMDAwIALQACAQEAMwAmACQAHQAghk0AnRWAgnsc9r0fj+Be4pubOuIc94egHfE50H0TnGUAFQCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333241633,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1"}}}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333480027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333480027,"pkt":"hKk4ukxYwurksClYCABFAAAoWBhAACoGZC6TXPLoCsgDfQG74zCmOsdjcOgfO1AQAO03sAAAAAAAAAAA"}
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1"}}}
+01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96"}}}
+02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+02329{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913342823022,"flow_dst_last_pkt_time":1663913342822836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4192,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":633542.9,"max":7306445,"stddev":1725177.1,"var":2976235913216.0,"ent":2.7,"data": [237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727]},"pktlen": {"min":40,"avg":272.5,"max":1500,"stddev":367.3,"var":134881.6,"ent":4.1,"data": [52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0],"entropies": [4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":853,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":853,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913345063942,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":895,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":895,"pkt_l4_len":861,"thread_ts_usec":1663913345063942,"pkt":"iJCNB9vohKk4ukxYCABFAANxQEkAAIARAAAKyAN9k1ypWsfZcY4DXU5q21EDfwYCsDftA62ApMwfM37ZI9Q0qJcVA2+24MTytJtoPbFoYtvVtXvdQe7G+vNkHdVNTkaB7r0rAAAAKwdDz7dnddQSzJpDpiqbSrGFA6xzqQiWcs3ZbpWyKRD30SNFFEmMzPnd4y9oAixi1Jn\/KHGRdHcPcNHno5lEV5NUNwygknAaTuW5Fhkv31hKsKfXMdrXJqc9ngUTgmhB1IAnD\/XqN++J0EeWwXQWXAbuAYLV212eI8okXisddN6hPaDwTg+6Hqi51\/7tkfra+OZuRdsfJLY4P0ve0guKnejEs8dFreWeBszBmKahqBLDDm5r5LGGNENJW8J4kghY6omeYfbdPKC0DhBvpHm5tOyPNm5NbajbIeIMRVvje6lcp+7wIIH4CwFixuH1uDTOq8JkqYz3+zQu0y5hN\/48j6\/OKGLd6LBcYsIWAvFfH3h8cFWGg5FWeuksQ7KpS1g5PnxW1BA2Rz8+XboOW64\/nZNTZ2F0LemkEEHZdNOfCfsTRG7W+zNSkxcOMP1fWnWjDgPpMZQ9eSKRdsAxR4aw9graczj0WiVEFF51uhXaAo+PJmxwMxRi\/U\/lhvoS555BA0lejdkB5fPVli7S78Y\/OGtFgvJjCanPHSajVdXYMfxhErTrJUQjbC6bz8LrTWreS8e69y3vTPY3P3GW9fgT4WAK6YiXqiXHbjqI1KbvZqxTXCko4KbrwWm1VDEV2DTLraW5UVpDftaON2IjAk73ewWuck+hTwNv+2VfihBxmm2071H8A6if+tUV6NPGrFI93LWo4\/E+IQuLx6sF1VSZes1M0tp5EBg+5ijAAWhUeonTQZJizVQTIkCb0WcHlqvblCcMOcLnKQUwDqvkEHbe96N6e2KlSUyrHTgPzoVoWQgTbDCL+OOqpxB1CRmaRWyiOnHDaSseG76f6RQBrHEQHD7ecDNlAbfJPdHKCYE+F\/HOTpaTJlaRpzRaUPXG+PFnDKK+gRffUu37IfUYPd359K0poSNCMUmkFtNBRLlUhaCCCMkRIGP6MwAsuJHolxWY2b3ch4fGwEokOxiC+xvVInYPX1iGoC6hj9SR9dcB\/lQT\/VUWqnYiQQXbuWEsH25mN9C7SQMSmS2nxEyaBLycjD2+mSi8q+gl5g=="}
@@ -44,8 +44,8 @@
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1663913371776534,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913371776534,"pkt":"wurksClYhKk4ukxYCABFAACgTAsAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAdBhu88EWWQL4L1LbfqJDYnRGb01n1sKe0lvHVBBVqL892BxEkY41O\/gD87wC+rkYULF+KivffNKDYpmu8Lr2YTMKuqmgFw81LNTiXLlSmUStTYkycWllbdexMt40BG5jgNMIyhppdjzjK900bA0+E\/u\/TLw5WKXLjH9MQPIR88Dz"}
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913373776892,"flow_dst_last_pkt_time":1663913373811116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":1663913373811116,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913403056559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":41,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913418926686,"flow_dst_last_pkt_time":1663913418885464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3138,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":4954,"flow_dst_tot_l4_payload_len":2495,"midstream":1,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":41,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913418926686,"flow_dst_last_pkt_time":1663913418885464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3138,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":4954,"flow_dst_tot_l4_payload_len":2495,"midstream":1,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686}
Powered by cgit, Themed by Ted Yin.