diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2023-04-21 16:48:40 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2023-04-21 16:48:40 +0200 |
| commit | 99accd03a2a8773ec1dd3001615f1703883b3a7a (patch) | |
| tree | 2c3b848957bd0674629603ea203286df52e36249 /test/results/iec60780-5-104.pcap.out | |
| parent | 225f4b3fb6e53958d53bafd8f234e0d28582edd0 (diff) | |
Moved `datalink` json key/value from error to packet events and renamed it to `pkt_datalink`.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/iec60780-5-104.pcap.out')
| -rw-r--r-- | test/results/iec60780-5-104.pcap.out | 60 |
1 files changed, 30 insertions, 30 deletions
diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out index 593d84e8e..98a06fa4b 100644 --- a/test/results/iec60780-5-104.pcap.out +++ b/test/results/iec60780-5-104.pcap.out @@ -1,50 +1,50 @@ 00494{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992231267238,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267238,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267345,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1219992231267487,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992231267487,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1219992231283482,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992231283482,"pkt":"ABXFGNTMABNy14eKCABFAAAubTBAAIAGRKWsG\/htrBv4TwYgCWR6t61K62XTwlAY\/\/8BHwAAaAQHAAAA"} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267238,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267345,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1219992231267487,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992231267487,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1219992231283482,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992231283482,"pkt":"ABXFGNTMABNy14eKCABFAAAubTBAAIAGRKWsG\/htrBv4TwYgCWR6t61K62XTwlAY\/\/8BHwAAaAQHAAAA"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992231283482,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992231283482,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1219992231283482,"flow_dst_last_pkt_time":1219992231334870,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992231334870,"pkt":"ABNy14eKABXFGNTMCABFAAAuQVZAAIAGcH+sG\/hPrBv4bQlkBiDrZdPCeretUFAY\/\/lJFQAAaAQLAAAA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1219992231283482,"flow_dst_last_pkt_time":1219992231334870,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992231334870,"pkt":"ABNy14eKABXFGNTMCABFAAAuQVZAAIAGcH+sG\/hPrBv4bQlkBiDrZdPCeretUFAY\/\/lJFQAAaAQLAAAA"} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992393215803,"flow_src_last_pkt_time":1219992393215803,"flow_dst_last_pkt_time":1219992393215803,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992393215803,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1219992393215803,"flow_dst_last_pkt_time":1219992393215803,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992393215803,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1219992393215803,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992393215922,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1219992393216061,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992393216061,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1219992393217157,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992393217157,"pkt":"ABXFGNTMABNy14eKCABFAAAubYVAAIAGRFCsG\/htrBv4TwYiCWRtLtqmSN57qVAY\/\/\/b6gAAaAQHAAAA"} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1219992393215803,"flow_dst_last_pkt_time":1219992393215803,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992393215803,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1219992393215803,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992393215922,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1219992393216061,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992393216061,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1219992393217157,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992393217157,"pkt":"ABXFGNTMABNy14eKCABFAAAubYVAAIAGRFCsG\/htrBv4TwYiCWRtLtqmSN57qVAY\/\/\/b6gAAaAQHAAAA"} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992393215803,"flow_src_last_pkt_time":1219992393217157,"flow_dst_last_pkt_time":1219992393215922,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992393217157,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1219992393217157,"flow_dst_last_pkt_time":1219992393220279,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992393220279,"pkt":"ABNy14eKABXFGNTMCABFAAAuQXhAAIAGcF2sG\/hPrBv4bQlkBiJI3nupbS7arFAY\/\/lJFQAAaAQLAAAA"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1219992393217157,"flow_dst_last_pkt_time":1219992393220279,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992393220279,"pkt":"ABNy14eKABXFGNTMCABFAAAuQXhAAIAGcF2sG\/hPrBv4bQlkBiJI3nupbS7arFAY\/\/lJFQAAaAQLAAAA"} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992486295923,"flow_src_last_pkt_time":1219992486295923,"flow_dst_last_pkt_time":1219992486295923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992486295923,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1219992486295923,"flow_dst_last_pkt_time":1219992486295923,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992486295923,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1219992486295923,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992486296052,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1219992486296202,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992486296202,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1219992486297425,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992486297425,"pkt":"ABXFGNTMABNy14eKCABFAAAubaVAAIAGRDCsG\/htrBv4TwYjCWQlpaXP9d4fCFAY\/\/8H6wAAaAQHAAAA"} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1219992486295923,"flow_dst_last_pkt_time":1219992486295923,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992486295923,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1219992486295923,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992486296052,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1219992486296202,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992486296202,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1219992486297425,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992486297425,"pkt":"ABXFGNTMABNy14eKCABFAAAubaVAAIAGRDCsG\/htrBv4TwYjCWQlpaXP9d4fCFAY\/\/8H6wAAaAQHAAAA"} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992486295923,"flow_src_last_pkt_time":1219992486297425,"flow_dst_last_pkt_time":1219992486296052,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992486297425,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1219992486297425,"flow_dst_last_pkt_time":1219992486468944,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1219992486468944,"pkt":"ABNy14eKABXFGNTMCABFAAAoQX9AAIAGcFysG\/hPrBv4bQlkBiP13h8IJaWl1VAQ\/\/lJDwAA"} +00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1219992486297425,"flow_dst_last_pkt_time":1219992486468944,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1219992486468944,"pkt":"ABNy14eKABXFGNTMCABFAAAoQX9AAIAGcFysG\/hPrBv4bQlkBiP13h8IJaWl1VAQ\/\/lJDwAA"} 00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992392222529,"flow_dst_last_pkt_time":1219992392222553,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1219992546983652,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992590188368,"flow_dst_last_pkt_time":1219992590188368,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992590188368,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1219992590188368,"flow_dst_last_pkt_time":1219992590188368,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992590188368,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1219992590188368,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992590188498,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1219992590188640,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992590188640,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1219992590189788,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992590189788,"pkt":"ABXFGNTMABNy14eKCABFAAAubcdAAIAGRA6sG\/htrBv4TwYkCWQxVG2gnfsm2FAY\/\/+EfQAAaAQHAAAA"} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1219992590188368,"flow_dst_last_pkt_time":1219992590188368,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992590188368,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1219992590188368,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992590188498,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1219992590188640,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992590188640,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1219992590189788,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992590189788,"pkt":"ABXFGNTMABNy14eKCABFAAAubcdAAIAGRA6sG\/htrBv4TwYkCWQxVG2gnfsm2FAY\/\/+EfQAAaAQHAAAA"} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992590189788,"flow_dst_last_pkt_time":1219992590188498,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992590189788,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1219992590189788,"flow_dst_last_pkt_time":1219992590192812,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992590192812,"pkt":"ABNy14eKABXFGNTMCABFAAAuQYZAAIAGcE+sG\/hPrBv4bQlkBiSd+ybYMVRtplAY\/\/lJFQAAaAQLAAAA"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1219992590189788,"flow_dst_last_pkt_time":1219992590192812,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992590192812,"pkt":"ABNy14eKABXFGNTMCABFAAAuQYZAAIAGcE+sG\/hPrBv4bQlkBiSd+ybYMVRtplAY\/\/lJFQAAaAQLAAAA"} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1219992393215803,"flow_src_last_pkt_time":1219992485282569,"flow_dst_last_pkt_time":1219992485282593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1219992650548424,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1219992486295923,"flow_src_last_pkt_time":1219992589197307,"flow_dst_last_pkt_time":1219992589197331,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1219992710502401,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992782348776,"flow_dst_last_pkt_time":1219992782348776,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992782348776,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1219992782348776,"flow_dst_last_pkt_time":1219992782348776,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992782348776,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1219992782348776,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992782348894,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1219992782349033,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992782349033,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1219992782350496,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992782350496,"pkt":"ABXFGNTMABNy14eKCABFAAAubjlAAIAGQ5ysG\/htrBv4TwYpCWQN1WRNBOSZfVAY\/\/\/XvAAAaAQHAAAA"} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1219992782348776,"flow_dst_last_pkt_time":1219992782348776,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992782348776,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1219992782348776,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992782348894,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1219992782349033,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992782349033,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1219992782350496,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992782350496,"pkt":"ABXFGNTMABNy14eKCABFAAAubjlAAIAGQ5ysG\/htrBv4TwYpCWQN1WRNBOSZfVAY\/\/\/XvAAAaAQHAAAA"} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992782350496,"flow_dst_last_pkt_time":1219992782348894,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992782350496,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1219992782350496,"flow_dst_last_pkt_time":1219992782353159,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992782353159,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZJAAIAGcEOsG\/hPrBv4bQlkBikE5Jl9DdVkU1AY\/\/lJFQAAaAQLAAAA"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1219992782350496,"flow_dst_last_pkt_time":1219992782353159,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992782353159,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZJAAIAGcEOsG\/hPrBv4bQlkBikE5Jl9DdVkU1AY\/\/lJFQAAaAQLAAAA"} 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992819942883,"flow_dst_last_pkt_time":1219992819942883,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992819942883,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1219992819942883,"flow_dst_last_pkt_time":1219992819942883,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992819942883,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1219992819942883,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992819943016,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1219992819943166,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992819943166,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819944348,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"} +00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1219992819942883,"flow_dst_last_pkt_time":1219992819942883,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992819942883,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1219992819942883,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992819943016,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1219992819943166,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1219992819943166,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819944348,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992819944348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819947305,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819947305,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819947305,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819947305,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"} 00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} 00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992781349438,"flow_dst_last_pkt_time":1219992781349461,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1219992910077446,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992818955088,"flow_dst_last_pkt_time":1219992818955112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":6,"midstream":0,"thread_ts_usec":1219992961194617,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} |