fix config header

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2024-12-06 11:13:48 +0100
committer: Toni Uhlig <matzeton@googlemail.com> 2024-12-09 11:26:45 +0100
commit: 064bd3aefa7a4f98b4c3c079e03df37c1b0b5125 (patch)
tree: b935c329d73bc70e1e6817b48d92e3a66526f782 /test/results/default/whatsapp_voice_and_message.pcap.out
parent: acd9e871b6815d279e277c269ea58316673c816a (diff)
1 files changed, 9 insertions, 9 deletions
diff --git a/test/results/default/whatsapp_voice_and_message.pcap.out b/test/results/default/whatsapp_voice_and_message.pcap.out
index 18bce9b8c..46c50862d 100644
--- a/test/results/default/whatsapp_voice_and_message.pcap.out
+++ b/test/results/default/whatsapp_voice_and_message.pcap.out
@@ -1,4 +1,4 @@
-00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820558921094}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820558921094,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820558921094,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820558921094,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="}
@@ -79,8 +79,8 @@
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820633802533,"flow_src_last_pkt_time":1432820633834790,"flow_dst_last_pkt_time":1432820633803845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820633834790,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1432820633834790,"flow_dst_last_pkt_time":1432820633835034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820633835034,"pkt":"ABoRAAACABoRAAABCABFAAAoADpAABAG1A+twN69CggAARRmpQHPUwdvMKz5QFAQ\/\/9fNgAA"}
 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1432820633802533,"flow_src_last_pkt_time":1432820634797314,"flow_dst_last_pkt_time":1432820634796460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":505,"flow_src_tot_l4_payload_len":707,"flow_dst_tot_l4_payload_len":814,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":122,"avg":64151.9,"max":457947,"stddev":103861.5,"var":10787211264.0,"ent":3.7,"data": [1312,2441,29816,31189,401459,457947,56427,244,122,152,50476,50415,214,112548,112763,50812,57282,6500,274,183,50385,50538,122,50415,131042,50415,131164,122,50507,50629,793]},"pktlen": {"min":40,"avg":88.2,"max":545,"stddev":100.3,"var":10067.6,"ent":4.4,"data": [60,40,40,214,40,118,40,545,70,40,40,63,40,40,65,40,62,121,40,285,40,62,64,40,94,40,58,91,40,209,40,40]},"bins": {"c_to_s": [10,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,0],"entropies": [4.459092617,4.680641651,4.784183979,6.607134819,4.630641460,6.115448475,4.665311813,7.571388721,5.552047253,4.580641270,4.630640984,5.367652893,4.630641460,4.834183693,5.504653454,4.580641747,5.300499439,6.294820786,4.630641460,7.156640053,4.530641556,5.393635750,5.481855392,4.630641460,5.938459396,4.680641651,5.375223160,5.945579052,4.611769676,6.961353779,4.834183693,4.665311813]},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820628171429,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820629171551,"flow_dst_last_pkt_time":1432820570006695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820628171429,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820627171490,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820634797314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -95,8 +95,8 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820681899121,"flow_src_last_pkt_time":1432820681935773,"flow_dst_last_pkt_time":1432820681901135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820681935773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1432820681935773,"flow_dst_last_pkt_time":1432820681935925,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820681935925,"pkt":"ABoRAAACABoRAAABCABFAAAoAFpAABAGh6ueVTptCggAARRmwjmuxBSCUTvsLVAQ\/\/\/1uQAA"}
 02198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1432820681899121,"flow_src_last_pkt_time":1432820685106122,"flow_dst_last_pkt_time":1432820683287396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":751,"midstream":0,"thread_ts_usec":1432820685106122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":91,"avg":148234.7,"max":1768433,"stddev":316376.5,"var":100094115840.0,"ent":3.4,"data": [2014,2563,34089,34790,390289,440887,50599,183,91,50446,50537,139282,139252,92,50506,50445,92,51240,51147,213,122,77789,128296,50873,179230,229706,260559,260559,50476,50476,1768433]},"pktlen": {"min":40,"avg":85.1,"max":294,"stddev":70.4,"var":4957.0,"ent":4.6,"data": [60,40,40,214,40,118,40,294,70,40,63,40,65,40,62,121,40,62,285,40,40,40,209,98,40,99,40,165,40,62,40,76]},"bins": {"c_to_s": [11,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0],"entropies": [4.471673489,4.680641651,4.734183788,6.810238838,4.680641651,6.078742027,4.665311813,7.177294731,5.455548763,4.680641651,5.570110321,4.730641842,5.523809433,4.730641842,5.470327377,6.416762829,4.730641842,5.470327854,7.190139771,4.730641842,4.884183884,4.884183884,6.934513569,6.068694592,4.730641842,6.043103695,4.815311432,6.668905258,4.815311432,5.405810833,4.765311718,5.731334686]},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820628171429,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820691515362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820629171551,"flow_dst_last_pkt_time":1432820570006695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820691515362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820628171429,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820691515362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820691515362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820691515362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820627171490,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820691515362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -110,19 +110,19 @@
 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1432820694164349,"flow_dst_last_pkt_time":1432820693846142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1432820694164349,"pkt":"ABoRAAACABoRAAABCABFAADZY3tAAEAGKH8KCAABnlUFx8lyAbsu9\/Nt0QgMlFAYOQiMoQAAV0EBBQAAF\/gFAaWRifwPQW5kcm9pZC0yLjEyLjg0AAAZ+AKc+AT4AfwHcHJpdmFjefgBgPgBQPgBeAAAdPgIDLX\/h1UhmCkBUQ\/sTqZWv\/xgcSlU0euSYo6NCHOEAZVChlwW\/jbtv1wYaWm4Al+So9OdQ9pFARIthkK9WNvgjPwuyFrtlujpff4VkW+FcRldgQSQomlyhtjUFJYUGTWlqe8TPqD8TvnYC+arf3qsTvid"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820693796979,"flow_src_last_pkt_time":1432820694164349,"flow_dst_last_pkt_time":1432820693846142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820694164349,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1432820694164349,"flow_dst_last_pkt_time":1432820694177899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820694177899,"pkt":"ABoRAAACABoRAAABCABFAAAoAHRAABAGvDeeVQXHCggAAQG7yXLRCAyULvf0HlAQ\/\/81zwAA"}
-00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1432820693796979,"flow_src_last_pkt_time":1432820695137128,"flow_dst_last_pkt_time":1432820695086804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":232,"flow_src_tot_l4_payload_len":347,"flow_dst_tot_l4_payload_len":395,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":32,"flow_first_seen":1432820633802533,"flow_src_last_pkt_time":1432820681629773,"flow_dst_last_pkt_time":1432820681625165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":505,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":1342,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1432820624900403,"flow_src_last_pkt_time":1432820633508496,"flow_dst_last_pkt_time":1432820633508343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":968,"flow_src_tot_l4_payload_len":1860,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820629171551,"flow_dst_last_pkt_time":1432820570006695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1432820693796979,"flow_src_last_pkt_time":1432820695137128,"flow_dst_last_pkt_time":1432820695086804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":232,"flow_src_tot_l4_payload_len":347,"flow_dst_tot_l4_payload_len":395,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1432820681899121,"flow_src_last_pkt_time":1432820691973004,"flow_dst_last_pkt_time":1432820691967480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":896,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1432820558921094,"flow_src_last_pkt_time":1432820572412518,"flow_dst_last_pkt_time":1432820572408002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":415,"flow_src_tot_l4_payload_len":1713,"flow_dst_tot_l4_payload_len":773,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":32,"flow_first_seen":1432820633802533,"flow_src_last_pkt_time":1432820681629773,"flow_dst_last_pkt_time":1432820681625165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":505,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":1342,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820628171429,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820629171551,"flow_dst_last_pkt_time":1432820570006695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820631171460,"flow_dst_last_pkt_time":1432820571488171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820630172009,"flow_dst_last_pkt_time":1432820570876782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820632171338,"flow_dst_last_pkt_time":1432820572348004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820627171490,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1432820681899121,"flow_src_last_pkt_time":1432820691973004,"flow_dst_last_pkt_time":1432820691967480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":896,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1432820695137128}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 261/261
@@ -132,8 +132,8 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6700662 bytes
-~~ total memory freed........: 6700662 bytes
+~~ total memory allocated....: 6954102 bytes
+~~ total memory freed........: 6954102 bytes
 ~~ total allocations/frees...: 114540/114540
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
author	Toni Uhlig <matzeton@googlemail.com>	2024-12-06 11:13:48 +0100
committer	Toni Uhlig <matzeton@googlemail.com>	2024-12-09 11:26:45 +0100
commit	064bd3aefa7a4f98b4c3c079e03df37c1b0b5125 (patch)
tree	b935c329d73bc70e1e6817b48d92e3a66526f782 /test/results/default/whatsapp_voice_and_message.pcap.out
parent	acd9e871b6815d279e277c269ea58316673c816a (diff)