bump libnDPI to ...

 * upstream changed regression test interface, needed to adapt
 * improved libnDPI helper build script
 * updated JSON schema

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

1 files changed, 48 insertions, 0 deletions

diff --git a/test/results/default/teredo.pcap.out b/test/results/default/teredo.pcap.out
new file mode 100644
index 000000000..67691354e
--- /dev/null
+++ b/test/results/default/teredo.pcap.out
@@ -0,0 +1,48 @@
+00507{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00570{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1438853615305874}
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853615305874,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
+01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615358642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1438853615358642,"pkt":"ABsXAAEVbEFqjICJCABFAACJMb4AAHIRHPjCiBxMCnAQag3YzSEAdV9uAAEAALEbP+pGqa\/pAAAAMt5G+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619792073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853619792073,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619792073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853619792073,"pkt":"bEFqjICJABsXAAEVCABFAABZKFgAAH4RGp8KcBBZwogcTOvdDdgARWZ6AAEAAJXRHBBSCtwOAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
+01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619792073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853619792073,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619844656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1438853619844656,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcAAAHIRHQfCiBxMCnAQWQ3Y690AdQSAAAEAAJXRHBBSCtwOAAAAFCJG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629357785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853629357785,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629357785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853629357785,"pkt":"bEFqjICJABsXAAEVCABFAABZf5wAAH4Rw1cKcBBcwogcTPfYDdgAReM8AAEAAPs1qOhE924kAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
+01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629357785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853629357785,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629411015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1438853629411015,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcEAAHIRHQPCiBxMCnAQXA3Y99gAdXxOAAEAAPs1qOhE924kAAAACCdG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZL4AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEwAAAAAAAAAAA=="}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853632713044,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632713044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853632713044,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632713044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853632713044,"pkt":"bEFqjICJABsXAAEVCABFAABZcmgAAH4R0KcKcBBAwogcTNtaDdgARUt\/AAEAABh7537NjT4KAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
+01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853632713044,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632713044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853632713044,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632766780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1438853632766780,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcIAAHIRHR7CiBxMCnAQQA3Y21oAdWZ0AAEAABh7537NjT4KAAAAJKVG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYARiEAAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEy6FgeABnFWlQ=="}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853633749196,"flow_src_last_pkt_time":1438853633749196,"flow_dst_last_pkt_time":1438853633749196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853633749196,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1438853633749196,"flow_dst_last_pkt_time":1438853633749196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1438853633749196,"pkt":"bEFqjICJABsXAAEVCABFAABQa1QAAH4R18EKcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAA6wgo8LJvAAAAAA=="}
+01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853633749196,"flow_src_last_pkt_time":1438853633749196,"flow_dst_last_pkt_time":1438853633749196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853633749196,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1438853633749978,"flow_dst_last_pkt_time":1438853633749196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1438853633749978,"pkt":"bEFqjICJABsXAAEVCABFAABRa1UAAH4R178KcBBDwogcTMpkDdgAPZLqYAAAAAANOv8gAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTIAAbVcAAQaF2tytrco="}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1438853633749978,"flow_dst_last_pkt_time":1438853633803112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1438853633803112,"pkt":"ABsXAAEVbEFqjICJCABFAABRMcMAAHIRHVLCiBxMCnAQQw3YymQAPZNqYAAAAAANOn8gAsKIHEwAAAAAAADCiBxMIAEAAMKIHEwg8zWbRvk\/RoEAbFcAAQaF2tytrco="}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1438853635723980,"flow_dst_last_pkt_time":1438853633803112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1438853635723980,"pkt":"bEFqjICJABsXAAEVCABFAABQa2cAAH4R164KcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAAGb3LNOF2AAAAAA=="}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1438853637724165,"flow_dst_last_pkt_time":1438853633803112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1438853637724165,"pkt":"bEFqjICJABsXAAEVCABFAABQa5MAAH4R14IKcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAAvSDg4ChnAAAAAA=="}
+00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1438853653349933,"flow_dst_last_pkt_time":1438853615358642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853653349933,"pkt":"bEFqjICJABsXAAEVCABFAABZW7oAAH4R5ysKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1438853653349933,"flow_dst_last_pkt_time":1438853653403120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_usec":1438853653403120,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcgAAHIRHO7CiBxMCnAQag3YzSEAdV9uAAEAALEbP+pGqa\/pAAAAMt5G+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZL4AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEwAAAAAAAAAAA=="}
+01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1438853633749196,"flow_src_last_pkt_time":1438853651224097,"flow_dst_last_pkt_time":1438853647345196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853632713044,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632766780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619844656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853653349933,"flow_dst_last_pkt_time":1438853653403120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629411015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1438853653403120}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 24/24
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 1566 bytes
+~~ total detected protocols..: 5
+~~ total active/idle flows...: 5/5
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 7684679 bytes
+~~ total memory freed........: 7684679 bytes
+~~ total allocations/frees...: 142446/142446
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 512 chars
+~~ json string max len.......: 1103 chars
+~~ json string avg len.......: 806 chars