diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2023-11-08 17:07:20 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2023-11-08 17:07:20 +0100 |
| commit | b667f9e1daa913acddb0bf2117651481d788fdf8 (patch) | |
| tree | ba30ba11c159888e5cac8adb2747df0562849342 /test/results/default/wa_voice.pcap.out | |
| parent | 55c8a848d3ee160c2b4630180b62d534c2b70788 (diff) | |
Forcefully reset `NDPI_UNIDIRECTIONAL_TRAFFIC` if classification was done after the first packet. Nonsense.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/wa_voice.pcap.out')
| -rw-r--r-- | test/results/default/wa_voice.pcap.out | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/test/results/default/wa_voice.pcap.out b/test/results/default/wa_voice.pcap.out index fc438d47a..99ebb2eda 100644 --- a/test/results/default/wa_voice.pcap.out +++ b/test/results/default/wa_voice.pcap.out @@ -2,17 +2,17 @@ 00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} -01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687944542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1561455687944542,"pkt":"kLkxKPrKxiwDYGpkCABFAABMq4sAAEARSbjAqAIBwKgCDAA1yOcAOH0WZG+BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} 01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687944542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1561455687944542,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687991884,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687991884,"pkt":"xiwDYGpkkLkxKPrKCABFAAA89ksAAP8RQAfAqAIMwKgCAe1dADUAKOSmDHcBAAABAAAAAAAAAWcId2hhdHNhcHADbmV0AAABAAE="} -01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687991884,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687991884,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1561455688018542,"pkt":"kLkxKPrKxiwDYGpkCABFAABj38gAAEARFWTAqAIBwKgCDAA17V0ATz5mDHeBgAABAAIAAAAAAWcId2hhdHNhcHADbmV0AAABAAHADAAFAAEAAArzAAsEY2hhdANjZG7ADsAsAAEAAQAAAEEABJ3wFDU="} 01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455688018542,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g.whatsapp.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688201615,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455688201615,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1561455688201615,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgkwNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2ufPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"} -01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688201615,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455688201615,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688201615,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455688201615,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1561455688202302,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1561455688202302,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\/5fq7AfMO72tRX4kcflTeOHJPV42uX70ZwC1O+A2X8wG0wRrb8uK6OFhHts3S52N3FVIqWr3CBOEKtXus3msBLphIaEqtw7dKWimDDeKkgZyeDybQGBbwSqGgwXI4sXoyN6QNVYT2T4i6kGXwJ8KRo8HtR5yB7rhqGJ7va7Tq2PlcpSnVIQRwao1mofCncrFLbOpoxslAuFLv8G+fW1GEiueEIhAplFAErT8lEbc6sY9uI88S0O6mDpNBlvCBLanRfw12SWljEVA4Wh2w31ojL9SCLJgyYKb3rrXT3V5i0AGJxXutmEyz9yTXUcoSU1YUo3WfmVLfx6RyxgbfoU7yfB7G33wI6gfsYIkzsYXlIla2ZkFjlWmYTCmfyEh6mVsXCVMnp1BhZdWj+7bWgfM4VrhMG0uNxDM0Z53kq9r7jYLXP1URavTKVNjY1WxQ1RAuRJtVPSgtQELf6AAzGAMW947SHl7bPC94gub8Kmqytrgl8ICRtP21Twca8YlwoKzIkJ0ROGsHSJ1IUBnknB2X57XNTUY80EyrwKOEYdXqBbK5\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lht4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"} 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1561455688202454,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_usec":1561455688202454,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiDlED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMyxD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1561455688202454,"flow_dst_last_pkt_time":1561455688226427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455688226427,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0TxoAADEGKbAR8jxUwKgCDBRnwMrukh4wSA8vWYAQAYNbPgAAAQEICjyzTX00zfCm"} @@ -30,7 +30,7 @@ 02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455689377891,"flow_dst_last_pkt_time":1561455689390636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":6993,"midstream":0,"thread_ts_usec":1561455689390636,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":43878.7,"max":304081,"stddev":76394.5,"var":5836114944.0,"ent":3.2,"data": [40742,137033,170366,304081,130232,56,30959,5260,28,391,1,177,42,1186,210132,335,9,41,206,11,311,41447,129925,50,6,6,5,1043,24269,131853,38]},"pktlen": {"min":52,"avg":295.4,"max":1440,"stddev":467.5,"var":218553.5,"ent":3.8,"data": [64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52]},"bins": {"c_to_s": [11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1],"entropies": [4.472632408,5.115064144,5.014835358,7.171360493,5.130219936,6.068146706,5.962917328,6.548506737,7.870247841,5.888707161,7.854815006,6.678243637,7.877118111,6.722311020,7.881030083,5.014835358,5.014835358,4.976373196,5.091758251,5.091758251,5.130219936,5.008132935,7.805761337,5.645539761,5.925289631,6.203728676,5.699334145,6.150419712,4.961856842,7.298644066,5.038780212,4.955154419]},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1561455689728258,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="} -01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"media-mxp1-1.cdn.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"media-mxp1-1.cdn.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1561455689761023,"pkt":"kLkxKPrKxiwDYGpkCABFAABbphoAAEARTxrAqAIBwKgCDAA12AAAR3hsM2mBgAABAAEAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAHADAABAAEAAABFAAQfDVYz"} 01101{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1561455689761023,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"media-mxp1-1.cdn.whatsapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455689909150,"flow_dst_last_pkt_time":1561455689909150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689909150,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -48,7 +48,7 @@ 00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1561455701310940,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455701310940,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvHu4AAEAR1D\/AqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455702980324,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455702980324,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1561455702980324,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="} -01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455702980324,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455702980324,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455702980324,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455702980324,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455702981751,"pkt":"kLkxKPrKxiwDYGpkCABFAAA01H8AAC8Gs5ARqy9VwKgCDAG7xUbop23p2+r6qYARAEJXLQAAAQEICipMBbM0zcKk"} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455703144658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1561455703144658,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455703145864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455703145864,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGNxDAqAIMEasvVcVGAbvb6vrI6KdtyoARBABS5QAAAQEICjTOOF4qS5CD"} @@ -69,23 +69,23 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706881597,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455706881597,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912375,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912436,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912561,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912682,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913062,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913136,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913639,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913891,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914378,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914597,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925951,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925951,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPYAAFQRCb4fDVYwwKgCDA2W3AgANMY5AQMAGCESpEKmZ0918K0sABMVszcAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} @@ -98,7 +98,7 @@ 00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706979952,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707435698,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1561455707435698,"pkt":"xiwDYGpkkLkxKPrKCABFAAA+06QAAP8RYqzAqAIMwKgCAeyFADUAKgBWfx8BAAABAAAAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAQ=="} -01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707435698,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pps.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707435698,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pps.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707470289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1561455707470289,"pkt":"kLkxKPrKxiwDYGpkCABFAABnIjoAAEAR0u7AqAIBwKgCDAA17IUAUyY\/fx+BgAABAAIAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAcAMAAUAAQAACz4ADQZtbXgtZHMDY2RuwBDALgABAAEAAAA+AASd8BQ0"} 01087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707470289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1561455707470289,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pps.whatsapp.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707474558,"flow_dst_last_pkt_time":1561455707474558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707474558,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -135,14 +135,14 @@ 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1561455729803232,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455729803232,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqcAAP8RG\/4AAAAA\/\/\/\/\/wBEAEMBNNt7AQEGAH5K8tcACAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455730495456,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} -01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} 00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455731356928,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 02227{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": [61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546]},"pktlen": {"min":30,"avg":110.0,"max":306,"stddev":87.2,"var":7598.9,"ent":4.6,"data": [154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1],"entropies": [6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731665769,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} -01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731699179,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731771636,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="} @@ -171,7 +171,7 @@ 00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741432427,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741432427,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741484694,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741484694,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455741484694,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4hv4AAEABnOPAqAIMW\/w4MwMDoFgAAAAARQAA73IeAAAxEb\/8W\/w4M8CoAgx\/wNwIANsAAA=="} -01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741484694,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741484694,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":3.962659}} +00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741484694,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741484694,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":3.962659}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1561455742405584,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455742405584,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4TCgAAEAB17nAqAIMW\/w4MwMDoOEAAAAARQAAZumbAAAxEUkIW\/w4M8CoAgx\/wNwIAFIAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1561455742405951,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455742405951,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4HrIAAEABBTDAqAIMW\/w4MwMDoOEAAAAARQAAZp1RAAAxEZVSW\/w4M8CoAgx\/wNwIAFIAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1561455742405963,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455742405963,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4twoAAEABbNfAqAIMW\/w4MwMDoOEAAAAARQAAZq9YAAAxEYNLW\/w4M8CoAgx\/wNwIAFIAAA=="} |