authorToni Uhlig <matzeton@googlemail.com>2022-10-16 23:02:52 +0200
committerToni Uhlig <matzeton@googlemail.com>2022-10-17 06:36:30 +0200
commit49352698a031d5816d04b802ad8e0386a8a73e30 (patch)
tree2e6bdaa874d7ffb084cc8b44530b72967e8bd08b /test/results/dos_win98_smb_netbeui.pcap.out
parent6292102f93086d2d61de874640f0b87c89c02b44 (diff)
nDPId: Added error event threshold to prevent event spamming which may be abused.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/dos_win98_smb_netbeui.pcap.out')
-rw-r--r--test/results/dos_win98_smb_netbeui.pcap.out322
1 files changed, 38 insertions, 284 deletions
diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out
index 7d488eecc..afc3f4bcd 100644
--- a/test/results/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/dos_win98_smb_netbeui.pcap.out
@@ -1,20 +1,20 @@
00501{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576409796586005}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586005,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586078,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586103}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586103,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586103}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796605834}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796605834,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796605834}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075407}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797075407,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075407}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075462}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797075462,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075462}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075487}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797075487,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797075487}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797101878}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409797101878,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409797101878}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409797553896,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409797553896,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1576409797553896,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409797553896,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
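Review bot: Every new error event in this hunk has `threshold_ts_usec` equal to its own `global_ts_usec` (for example both are 1576409796586078 at `threshold_n` 2), so the expected output cannot show whether the 10 s `threshold_time` window is anchored at the first error or restarts on each one. If it restarts per event, which these values suggest but do not prove, a continuous stream of unknown frames would hold the counter at `threshold_n_max` and keep error reporting silent for as long as the stream lasts. The visible part of the next hunk also drops the `packet` events for packet_id 47 onwards, with no event marking that suppression started, so a consumer cannot tell a quiet link from a throttled one. I would add a capture with a gap longer than `threshold_time` whose expected output shows `threshold_n` back at 1. The daemon could also emit a single event when the limit is reached and report the number of suppressed events once the window ends.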
@@ -24,330 +24,84 @@
00734{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409798047534,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_usec":1576409798047534,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00840{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409798047534,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409798642006}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409798642006,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409798642006}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409798047534,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409799428975}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409799428975,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409799428975}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409799059459,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409800348591}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409800348591,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409800348591}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409799059459,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409800543745,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409800543745,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576409800543745,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409800543745,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409800543745,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409800543745,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576409800544216,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409800544216,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1576409800544288,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1576409800544288,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409802223804}
+00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409802223804,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409802223804}
00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409802083383,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1576409807597015,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811132208}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811132208,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811132208}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811517809}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811517809,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811517809}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811901809}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811901809,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811901809}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409812669822}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409812669822,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409812669822}
00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409813829815}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409815308846}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409817241324}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409819547009}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409822253028}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409825334722}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409828857801}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409832716325}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409836953806}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409844797969}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409844798231}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845301797}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgACo2haC8B0A+lo+\/82xHHoV09SS0dST1VQICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845301935}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQAEuP7\/UOih91uNRuQWUOhaVEVTVDEgICAgICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845853803}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409845853922}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409846177854}
-00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1576409851581302,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00881{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409851581302,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00920{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409799059459,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409851581302,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409805843525,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409851581302,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409856181279}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409856181279,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409856181279}
00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409859028684}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859028684,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409859028684}
00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028855}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859028855,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028855}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028943}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859028943,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409859028943}
00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAC\/w8AMsAP\/vDhcVAAMAFQBURVNUMSAgICAgICAgICAATURKUjk4ICAgICAgICAgIA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029055}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029055,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029055}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAAPw8H8sAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAg"}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029130}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029130,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409859029130}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAAPw8XNgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVF"}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029275}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029275,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029275}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8AEBAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029351}
+00298{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029351,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029351}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEBDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBG"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029513}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029513,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029513}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyABLw8AAADgD\/7xmPygUVAAMAFQP\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAA"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029589}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029589,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859029589}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieABLw8AADDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029785}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029785,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859029785}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEDAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_usec":1576409859029960}
+00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859029960,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_usec":1576409859029960}
00521{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":174,"pkt_type":160,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":174,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAKDw8AICDgD\/7xYEAAAAAAEAFQP\/U01CcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAABrAAJQQyBORVRXT1JLIFBST0dSQU0gMS4wAAJNSUNST1NPRlQgTkVUV09SS1MgMy4wAAJET1MgTE0xLjJYMDAyAAJET1MgTEFOTUFOMi4xAAJXaW5kb3dzIGZvciBXb3JrZ3JvdXBzIDMuMWEA"}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030036}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030036,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030036}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEEDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_usec":1576409859030103}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030103,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_usec":1576409859030103}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":101,"pkt_type":87,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAFfw8AIEDgD\/7xYMAAABACgAAxX\/U01CcgAAAACAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAA0EAAIAaAsCAAEAAwAVBQOAsmSPT8T\/AAAAAAgAFQUDgAEb9l0="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030186}
+00299{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030186,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030186}
00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEEAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_usec":1576409859030361}
+00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030361,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_usec":1576409859030361}
00499{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030433}
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEGAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":69,"global_ts_usec":1576409859030536}
-00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":83,"pkt_type":69,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":83,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAEXw8AQGDgD\/7xYMAAACACgAAxX\/U01CcwAAAACQAAAAAAAAAAAAAAAAAAAAyAAyAAAhAAN1ACkAAAAAAAL\/AAAAAwBBOgA="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030659}
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEGAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409859030799}
-00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAD7w8AYGDgD\/7xYMAAAoAAMAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859030872}
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QEIEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBG"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409859030925}
-00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAD7w8AYIDgD\/7xYMAAADACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859031027}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAATw8QEIAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409859141343}
-00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyABLw8AgJDgD\/7xQAAAAoAAAAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAy"}
-00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409859141465}
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AAwp1HmyAFBWM3ieAATw8QELEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVF"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409859529509}
-00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409860077840}
-00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409860625807}
-00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_usec":1576409861175103}
-00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1576409861597261,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409862195835}
-00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409861597261,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
01051{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":555,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409861597261,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409866206390}
-00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409861597261,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409868734666}
-00410{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868734893}
-00378{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409868736028}
-00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAD7w8AwKDgD\/7xYMAAAoAAUAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAIUAAAABQAEAAUAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868736118}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieADXw8AoODgD\/7xYMAAAFACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409868736262}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAEvw8A4MDgD\/7xYMAAAoAAYAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":144,"global_ts_usec":1576409868736631}
-00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":158,"pkt_type":144,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieAJDw8AwQDgD\/7xYMAAAGACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAECAFkABVYAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409868739983}
-00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyAFPw8BAODgD\/7xYMAAAoAAcAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAgwAAAQ=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868740173}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieADXw8A4SDgD\/7xYMAAAHACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409868742285}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyADXw8BIQDgD\/7xYMAAAoAAgAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_usec":1576409868742459}
-00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieAD\/w8BAUDgD\/7xYMAAAIACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQVq\/wABAAJ2+AAAAAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409868821798}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AFBWM3ieAAwp1HmyABLw8BQTDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409868821909}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409867606753,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_usec":1576409872653497}
-00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409872653693}
-00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="}
-00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":1190,"global_ts_usec":1576409872682866}
-01901{"packet_event_id":1,"packet_event_name":"packet","packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1204,"pkt_type":1190,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1204,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyBKbw8BgUDgD\/7xYMAAAoAAoAFQP\/U01CCwAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQUAAGQEAAAAAGQEZwQBZAQNCiBWb2x1bWUgaW4gZHJpdmUgQyBpcyBNU0RPUyAgICAgIA0KIFZvbHVtZSBTZXJpYWwgTnVtYmVyIGlzIDQwMzEtMEZFMA0KIERpcmVjdG9yeSBvZiBDOlwNCg0KQ09NTUFORCAgQ09NICAgICAgICA1NC42NDUgMzEuMDUuOTQgICAgNjoyMg0KV0lORE9XUyAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODozNw0KV0lOQTIwICAgMzg2ICAgICAgICAgOS4zNDkgMzEuMDUuOTQgICAgNjoyMg0KVEVNUCAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNA0KVE9PTFMgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KRE9TICAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KQVVUT0VYRUMgTkVUICAgICAgICAgICAxNjkgMTMuMTIuMTkgICAgNjo1MA0KTk9WRUxMICAgICAgIDxESVI+ICAgICAgICAgMTQuMTIuMTkgICAyMTozOQ0KTkVUICAgICAgICAgIDxESVI+ICAgICAgICAgMDcuMTAuMTkgICAyMjoxMg0KQ09ORklHICAgV0lOICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgV0lOICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgQkFUICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgT0xEICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQ09ORklHICAgTkVUICAgICAgICAgICAxMzQgMTMuMTIuMTkgICAgNjo1MA0KQVVUT0VYRUMgTk9WICAgICAgICAgICAzMDkgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgTk9WICAgICAgICAgICAyODAgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgT0xEICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KTkJJSFcgICAgQ0ZHICAgICAgICAgICAzODggMTUuMTIuMTkgICAxMDoxOA0KQ09ORklHICAgMDAxICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgMDAxICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQ09ORklHICAgU1lTICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KICAgICAgIDIxIGZpbGUocykgICAgICAgICA2Ni45MTggYnl0ZXMNCiAgICAgICAgICAgICAgICAgICAgIDE1Mi44NTQuNTI4IGJ5dGVzIGZyZWUNCg=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":55,"global_ts_usec":1576409872683060}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":69,"pkt_type":55,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":69,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieADfw8BQaDgD\/7xYMAAAKACgAAxX\/U01CCwAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQFkBAAA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_usec":1576409872683183}
-00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyADvw8BoWDgD\/7xYMAAAoAAsAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQMAAB4p9l0AAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409872683292}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieADXw8BYcDgD\/7xYMAAALACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409872793837}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyABLw8BwYDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409873117808}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEeIQAAAIARuLrAqO+BwKjv\/wCJAIkATG2mAAopEAABAAAAAAABIEZIRVBG"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409876181879}
-00497{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_usec":1576409876669832}
-00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyAF3w8B4YDgD\/7xYEAAAAAAwAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAABwAAABYAAAAiKfZdAQAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409876669999}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEgIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409876670119}
-00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAFPw8BggDgD\/7xYMAAAMACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAAAQAgAB4p9l1kBAAAAAAAAAAAAQAAAAAAAAAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_usec":1576409876703380}
-00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyADvw8CAaDgD\/7xYMAAAoAA0AFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQMBAP\/\/\/\/8AAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409876703521}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEiAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409876703601}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieADXw8BoiDgD\/7xYMAAANACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409876764250}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AFBWM3ieAAwp1HmyABLw8CIcDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409876771024}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409871610878,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":64,"global_ts_usec":1576409882997566}
-00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409882997752}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":66,"global_ts_usec":1576409882997898}
-00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":66,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyAELw8CYeDgD\/7xYMAAAoAA8AFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQEAAAsABFxURVNULlRYVAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409882997999}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieADXw8B4oDgD\/7xYMAAAPACgAAxX\/U01CBgAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409883083853}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyABLw8CggDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409883461819}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieAATw8QEqDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409886201847}
-00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409888477823}
-00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409888973798}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409888973922}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AAwp1HmyAFBWM3ieAATw8QEsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409889485899}
-00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409890489826}
-00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_usec":1576409891489903}
-00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_usec":1576409881580957,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409892489826}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409891609903,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409893317826}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409891609903,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409894273832}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409893769840,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409895177868}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409894785830,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409895982740}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409895741945,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409896865840}
-00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409896749822,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409897721870}
-00497{"packet_event_id":1,"packet_event_name":"packet","packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409896749822,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_usec":1576409897722007}
-00497{"packet_event_id":1,"packet_event_name":"packet","packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_usec":1576409896749822,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_usec":1576409897781873}
-00529{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00882{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00921{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409897749849,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00925{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409805843525,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_usec":1576409898877607}
-00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409898877844}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409898941801}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409897749849,"pkt":"AFBWM3ieAAwp1HmyABLw8C4iDgD\/7xQAAAAoAAAAFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409899293810}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409899251619,"pkt":"AAwp1HmyAFBWM3ieAATw8QEwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409903670409}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAEvw8DAiDgD\/7xYEAAAAABEAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903670550}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QEyAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903670651}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieADXw8CIyDgD\/7xYMAAARACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409903671761}
-00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAD7w8DIkDgD\/7xYMAAAoABIAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgIUAAAABQAEAAUAAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903671851}
-00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE0DgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903671904}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieADXw8CQ0DgD\/7xYMAAASACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_usec":1576409903672058}
-00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAEvw8DQmDgD\/7xYMAAAoABMAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903672135}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE2DgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":187,"global_ts_usec":1576409903672211}
-00569{"packet_event_id":1,"packet_event_name":"packet","packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":201,"pkt_type":187,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":201,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieALvw8CY2DgD\/7xYMAAATACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgEDAIQABYEAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAACDPz8\/Pz8\/Pz8\/Pz8WAgABAAAAAAAQyWSPTwAAAABURVNUACAgIAAAAAAA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_usec":1576409903677279}
-00423{"packet_event_id":1,"packet_event_name":"packet","packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyAFPw8DYoDgD\/7xYMAAAoABQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYCAAEAgwAAAQ=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903677421}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE4AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903677504}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieADXw8Cg4DgD\/7xYMAAAUACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409903679586}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyADXw8DgqDgD\/7xYMAAAoABUAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgAAAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903679667}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE6AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_usec":1576409903679733}
-00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAD\/w8Co6DgD\/7xYMAAAVACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgVq\/wABAAJ2+AAAAAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409903737930}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AFBWM3ieAAwp1HmyABLw8DosDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409903738050}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409903041832,"pkt":"AAwp1HmyAFBWM3ieAATw8QE8AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_usec":1576409905957339}
-00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1576409905313002,"pkt":"AFBWM3ieAAwp1HmyADzw8DwsDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAHAARcVEVTVAA="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409905958005}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409905313002,"pkt":"AAwp1HmyAFBWM3ieADXw8Cw+DgD\/7xYMAAAWACgAAxX\/U01CAQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409906045807}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409905313002,"pkt":"AFBWM3ieAAwp1HmyABLw8D4uDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409906373827}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409906065215,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409908865229}
-00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409908865369}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_usec":1576409908865432}
-00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAD7w8C5CDgD\/7xYMAAAXACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409908392441,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409908392441,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409908973799}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyABLw8EIwDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409908973907}
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAATw8QFELwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409909161807}
-00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieABLw8DBEDgD\/7x8AAAAAAAAAAxVLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409909358578}
-00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAATw8QEyDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409911828356}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyADXw8EQyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_usec":1576409911828513}
-00379{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieADXw8DJGDgD\/7xYMAAAYACgAAxX\/U01CcQAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409911828650}
-00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAATw8QE0DgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409911828841}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyABLw8EY0DgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_usec":1576409911828940}
-00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyABLw8Eg1DgD\/7xgAAAAAAAAAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_usec":1576409911829009}
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAATw8QFLMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409911829099}
-00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AFBWM3ieAAwp1HmyAAPw8FMyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
-00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_usec":1576409911829163}
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AAwp1HmyAFBWM3ieAAPw8XMwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
-00201{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172,"global_ts_usec":1576409912777830}
-00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_usec":1576409908392441,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925058018}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409925058018,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925058018}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925661877}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409925661877,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925661877}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
-00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409926307736}
+00300{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409926307736,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409926307736}
00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":43,"avg":4235280.5,"max":96434388,"stddev":17261798.0,"var":297969697947648.0,"ent":1.5,"data": [471,72,38984,710235,79,43,39467,709823,84,47,40333,710082,133,63,40024,760697,749893,749148,750102,96434388,763919,759984,756024,755162,752213,756593,760022,22000853,749883,749867,755005]},"pktlen": {"min":96,"avg":96.0,"max":96,"stddev":0.0,"var":0.0,"ent":5.0,"data": [96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.156764984,4.210426807,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.176768780,4.177598476,4.193659782,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.155935764,4.289934158,4.323737621,4.323737621,4.323737621,4.282100201,4.282100201,4.282100201,4.248297215,4.376053333,4.376053333,4.376053333,4.355220318,4.281060219,4.286166668,4.277262688,4.307000160]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00880{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409928060524,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":350,"global_ts_usec":1576409931837438}
+00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1576409931837438}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 220/62
~~ skipped flows.............: 0
@@ -360,6 +114,6 @@
~~ total memory freed........: 6042771 bytes
~~ total allocations/frees...: 121580/121580
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 203 chars
+~~ json string min len.......: 303 chars
~~ json string max len.......: 2136 chars
-~~ json string avg len.......: 1167 chars
+~~ json string avg len.......: 1210 chars