aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/stun_wa_call.pcapng.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2023-11-08 17:07:20 +0100
committerToni Uhlig <matzeton@googlemail.com>2023-11-08 17:07:20 +0100
commitb667f9e1daa913acddb0bf2117651481d788fdf8 (patch)
treeba30ba11c159888e5cac8adb2747df0562849342 /test/results/default/stun_wa_call.pcapng.out
parent55c8a848d3ee160c2b4630180b62d534c2b70788 (diff)
Forcefully reset `NDPI_UNIDIRECTIONAL_TRAFFIC` if classification was done after the first packet. Nonsense.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/stun_wa_call.pcapng.out')
-rw-r--r--test/results/default/stun_wa_call.pcapng.out26
1 files changed, 13 insertions, 13 deletions
diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out
index 3df3e2bcd..f40ac639d 100644
--- a/test/results/default/stun_wa_call.pcapng.out
+++ b/test/results/default/stun_wa_call.pcapng.out
@@ -2,23 +2,23 @@
00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="}
-01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="}
-01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="}
-01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="}
-01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="}
-01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="}
@@ -38,23 +38,23 @@
02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": [7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="}
-01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="}
-01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="}
-01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="}
-01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="}
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="}
-01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="}
@@ -70,10 +70,10 @@
02206{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": [137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="}
@@ -84,7 +84,7 @@
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1676660026276036,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660026276036,"pkt":"CL6sCxduJjb1W8R1CABFwABISLRAAEAR8KnAqAycClIo8cF2nfQANMOEAAEAGCESpEKl9A496LZkbYe+i00ACAAU\/ewrDda+DUas0DsT+++L7XeLDdc="}
00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660027432762,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660027432762,"l3_proto":"ip4","src_ip":"93.63.100.129","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660027432762,"pkt":"Jjb1W8R1CL6sCxduCABFAABgoiQAAPgBkXNdP2SBwKgMnAMApW4AEQAARQAASEjeQAA4Efk\/wKgMnApSKPHBdp30ADSYCgABABghEqRC5xzHRnteXD13uFxaAAgAFDCLx\/tSkAsmj1JamKGIXok="}
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660027432762,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660027432762,"l3_proto":"ip4","src_ip":"93.63.100.129","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.458712}}
+00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660027432762,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660027432762,"l3_proto":"ip4","src_ip":"93.63.100.129","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.458712}}
01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659999805428,"flow_dst_last_pkt_time":1676659970541205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659999805772,"flow_dst_last_pkt_time":1676659970555657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659999805894,"flow_dst_last_pkt_time":1676659970561481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
Powered by cgit, Themed by Ted Yin.