diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-12-15 23:25:32 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-20 00:50:38 +0100 |
| commit | 9e07a57566cc45bf92a845d8cee968d72e0f314e (patch) | |
| tree | 8f1a6bfd08bd68a5253fadf3a01beecda77b1c95 /test/results/ftp.pcap.out | |
| parent | a35fc1d5ea8570609cc0c8cf6edadc81f8f5bb76 (diff) | |
Major nDPId extension. Sorry for the huge commit.
- nDPId: fixed invalid IP4/IP6 tuple compare
- nDPIsrvd: fixed caching issue (finally)
- added tiny c example (can be used to check flow manager sanity)
- c-captured: use flow_last_seen timestamp from `struct nDPIsrvd_flow`
- README.md update: added example JSON sequence
- nDPId: added new flow event `update` necessary for correct
timeout handling (and other future use-cases)
- nDPIsrvd.h and nDPIsrvd.py: switched to an instance
(consists of an alias/source tuple) based flow manager
- every flow related event **must** now serialize `alias`, `source`,
`flow_id`, `flow_last_seen` and `flow_idle_time` to make the timeout
handling and verification process work correctly
- nDPIsrvd.h: ability to profile any dynamic memory (de-)allocation
- nDPIsrvd.py: removed PcapPacket class (unused)
- py-flow-dashboard and py-flow-multiprocess: fixed race condition
- py-flow-info: print statusbar with probably useful information
- nDPId/nDPIsrvd.h: switched from packet-flow only timestamps (`pkt_*sec`)
to a generic flow event timestamp `ts_msec`
- nDPId-test: added additional checks
- nDPId: increased ICMP flow timeout
- nDPId: using event based i/o if capturing packets from a device
- nDPIsrvd: fixed memory leak on shutdown if remote descriptors
were still connected
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/ftp.pcap.out')
| -rw-r--r-- | test/results/ftp.pcap.out | 83 |
1 files changed, 27 insertions, 56 deletions
diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out index 42ed7d6b9..1c3d51402 100644 --- a/test/results/ftp.pcap.out +++ b/test/results/ftp.pcap.out @@ -1,64 +1,35 @@ -00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255} -00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":892296,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} -00431{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919708,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} -00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"} -00446{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":948716,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xCwDBkn+EBMx8Tl2CABFAABIOodAADYGpuFagkZJwKgB1AAVxgZYKsHToyOX7oAYAAO8UwAAAQEIChJn+1Q7V5i0MjIwICh2c0ZUUGQgMy4wLjMpDQo="} -00419{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":948828,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB54AQECtjbgAAAQEICjtXmNESZ\/tU"} -00443{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":949354,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2xCwDBkn+CABFEABEAABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB54AYECtjfgAAAQEICjtXmNESZ\/tUVVNFUiBhbm9ueW1vdXMNCg=="} -00419{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OohAADYGpvRagkZJwKgB1AAVxgZYKsHnoyOX\/oAQAAMWNwAAAQEIChJn+1s7V5jR"} -00469{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976691,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"xCwDBkn+EBMx8Tl2CABFAABWOolAADYGptFagkZJwKgB1AAVxgZYKsHnoyOX\/oAYAAPO6wAAAQEIChJn+1s7V5jRMzMxIFBsZWFzZSBzcGVjaWZ5IHRoZSBwYXNzd29yZC4NCg=="} -00419{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976755,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5f+WCrCCYAQECpjbgAAAQEICjtXmOwSZ\/tb"} -00441{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976972,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2xCwDBkn+CABFEABBAABAAEAGAADAqAHUWoJGScYGABWjI5f+WCrCCYAYECpjewAAAQEICjtXmOwSZ\/tbUEFTUyBOY0ZUUEANCg=="} -00419{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":45752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OopAADYGpvJagkZJwKgB1AAVxgZYKsIJoyOYC4AQAAMV2wAAAQEIChJn+207V5js"} -00451{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":66945,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xCwDBkn+EBMx8Tl2CABFAABLOotAADYGptpagkZJwKgB1AAVxgZYKsIJoyOYC4AYAAM0PgAAAQEIChJn+3I7V5jsMjMwIExvZ2luIHN1Y2Nlc3NmdWwuDQo="} -00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol","36":"Clear-text credentials"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}} -00420{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAQECljbgAAAQEICjtXmUUSZ\/ty"} -00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA5AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAYECljcwAAAQEICjtXmUUSZ\/tyUFdEDQo="} -00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":94015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OoxAADYGpvBagkZJwKgB1AAVxgZYKsIgoyOYEIAQAAMVWgAAAQEIChJn+3k7V5lF"} -00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00437{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":580045,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"} -00432{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="} -00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"} -02034{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637965,"pkt_caplen":1271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1271,"pkt_l4_len":1237,"pkt":"xCwDBkn+EBMx8Tl2CABFAATpn4tAADYGPTxagkZJwKgB1GRVxgdmK2Nx7sCijYAYAAMMxgAAAQEIChJn\/Po7V585LXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwMDAgRmViIDE5ICAyMDE2IDEwMDBHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDczNzQxODI0MDAgRmViIDE5ICAyMDE2IDEwMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAgMTAyNDAwIEZlYiAxOSAgMjAxNiAxMDBLQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDQ4NTc2MDAgRmViIDE5ICAyMDE2IDEwME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwIEZlYiAxOSAgMjAxNiAxMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNDg1NzYwIEZlYiAxOSAgMjAxNiAxME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQgRmViIDE5ICAyMDE2IDFHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgICAgMTAyNCBGZWIgMTkgIDIwMTYgMUtCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAxMDQ4NTc2IEZlYiAxOSAgMjAxNiAxTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgMjA5NzE1MjAwIEZlYiAxOSAgMjAxNiAyMDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAyMDk3MTUyMCBGZWIgMTkgIDIwMTYgMjBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgMjA5NzE1MiBGZWIgMTkgIDIwMTYgMk1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAzMTQ1NzI4IEZlYiAxOSAgMjAxNiAzTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgNTI0Mjg4MDAwIEZlYiAxOSAgMjAxNiA1MDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICA1MjQyODgwMCBGZWIgMTkgIDIwMTYgNTBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgIDUyNDI4OCBGZWIgMTkgIDIwMTYgNTEyS0IuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgIDUyNDI4ODAgRmViIDE5ICAyMDE2IDVNQi56aXANCmRyd3hyLXhyLXggICAgMiAxMDUgICAgICAxMDggICAgICAgICAxNjM4NCBNYXIgMTQgMjA6MDMgdXBsb2FkDQo="} -00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} -00420{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n4xAADYGQfBagkZJwKgB1GRVxgdmK2gm7sCijYARAAOfgQAAAQEIChJn\/Po7V585"} -00420{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJoAQEAZjbgAAAQEICjtXn1USZ\/z6"} -00420{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AQEAZjbgAAAQEICjtXn1USZ\/z6"} -00420{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AREAZjbgAAAQEICjtXn1USZ\/z6"} -00420{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":666222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n41AADYGQe9agkZJwKgB1GRVxgdmK2gn7sCijoAQAAOfXAAAAQEIChJn\/QI7V59V"} -00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00437{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":545143,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"} -00432{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573913,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="} -00419{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"} -02346{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":603492,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeONAADYGYvlagkZJwKgB1F\/LxggMTn7RDQcaT4AQAAMzeQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00435{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":603523,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFCABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MbAQECxjegAAAQEICjtXspoSaAHMAQEFCgxOftEMToRx"} -02346{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":603773,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOJAADYGYvpagkZJwKgB1F\/LxggMTnkxDQcaT4AQAAM5GQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00419{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":603807,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE6EcYAQD9JjbgAAAQEICjtXspoSaAHT"} -02346{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":604370,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeORAADYGYvhagkZJwKgB1F\/LxggMToRxDQcaT4AQAAMt2QAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00419{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":604415,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE6KEYAQEABjbgAAAQEICjtXspoSaAHT"} -02347{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":604710,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOVAADYGYvdagkZJwKgB1F\/LxggMTooRDQcaT4AQAAMoOQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -02347{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605168,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOZAADYGYvZagkZJwKgB1F\/LxggMTo+xDQcaT4AQAAMimQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00420{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605205,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE6VUYAQD9NjbgAAAQEICjtXspsSaAHT"} -02347{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605531,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOdAADYGYvVagkZJwKgB1F\/LxggMTpVRDQcaT4AQAAMc+QAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00420{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE6a8YAQEABjbgAAAQEICjtXspsSaAHT"} -02347{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605595,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOhAADYGYvRagkZJwKgB1F\/LxggMTprxDQcaT4AQAAMXWQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":323,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test"} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"} +00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol","36":"Clear-text credentials"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}} +00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} +00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"} +00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":323,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"ts_msec":1552590241726,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","total-events-serialized":20} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1192/1192 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 1089060 bytes +~~ total layer4 data length..: 1050844 bytes ~~ total detected protocols..: 2 ~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1971980 bytes -~~ total memory freed........: 1971980 bytes +~~ total memory allocated....: 1972068 bytes +~~ total memory freed........: 1972068 bytes ~~ total allocations/frees...: 36539/36539 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 130 chars -~~ json string max len.......: 2352 chars -~~ json string avg len.......: 1314 chars +~~ json string min len.......: 159 chars +~~ json string max len.......: 722 chars +~~ json string avg len.......: 510 chars |