author | lns <matzeton@googlemail.com> | 2022-04-26 11:30:41 +0200 |
---|---|---|
committer | lns <matzeton@googlemail.com> | 2022-04-26 11:44:31 +0200 |
commit | 4fde63b5c27f0e3b809545d9e877c2218148b475 (patch) | |
tree | 9948cc99596bff54a234654fe5bc4584c9620037 /test/results/kontiki.pcap.out | |
parent | 0385653023d21ac693ecc4d47070a244739507c2 (diff) |
Small fixes.
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/kontiki.pcap.out')
-rw-r--r-- | test/results/kontiki.pcap.out | 80 |
1 files changed, 40 insertions, 40 deletions
diff --git a/test/results/kontiki.pcap.out b/test/results/kontiki.pcap.out
index 4631f4057..4c0802529 100644
--- a/test/results/kontiki.pcap.out
+++ b/test/results/kontiki.pcap.out
@@ -1,45 +1,45 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kontiki.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1213662195077} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":180000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662195077,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-01773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213662195077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1033,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1033,"pkt_l4_len":999,"thread_ts_msec":1213662195077,"pkt":"\/\/\/\/\/\/\/\/ABVYKKDoCABFAAP7D3UAACARXSoKGSA7\/\/\/\/\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"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1213662198289,"pkt":"AAAMB6wIABVYKKDoCABFAAFTD48AACARip0KGSA7QMiUUk3sB5wBPyUCAgUEALiJxyqdfRurkGvxcQAAAAHGclB+GpXQo7ilG\/X+QBPHZNzcc2Vgl8HXEWakCXkI\/uj8lmIl1eBkbhN4MvAcq86Z98N3bIP98eTWEBdQEYXavGuDSMiGARvJZed\/c1zWfWkiBQDMPgD+Ih+\/PJjSy0mU1LUYMuUE02zzTShWQfCvM2Xa9SOg6ec0xfxrP6bVssVjaXJqz1AT6v7o8NtJtnsERCco1F8aGfNVg8yXB5v\/LbWp1E2sz6l3Uqjqcfx5ZJSkZLl83RIr7uaKcsAZozQEdGaeqFqM+vh1lG8CYU5v3cUXR+iWSzTqhorAV8WhTpNJoFMNHVApj2b53cJQug6cwf67kqgCY5\/UQxlKUrAgIAb+T+C6ITKs8wNPNWZJmf3s1l4sH4nkFe9HNSIG47QjMrQ="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198289,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5AAAAIRqcsKGSA7QMiUVk3sIrgADIy+AgEBAA=="} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 
-00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":120000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213662198289,"pkt":"ABVYKKDoANAreRD8CABFwAA8nDwAAP4B8kgKGfkOChkgOwsA9I8AAAAARQAAIA+QAAABEarLChkgO0DIlFZN7CK4AAyMvgIBAQA="} -00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":120000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.304229} 
-00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1213662198292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1213662198292,"pkt":"ABVYKKDoANAreRD8CABFAADuAABAADQRRpFAyJRSChkgOwecTewA2iL0AgUEADrI\/CCQa\/FynX0bqwAAAAEU3Ww9OKrYuWJ\/RoFyF3QkawgIztP7rZEqNEZAvKFqVsbVX6Q7o7C1GOOdgQ95sj8arDoplqug4W5ycMyrjvQQyOwCiAR\/6y2A+p1htTIZLrGyKHiEi2Jp9hwzPzovQAePahwaDoff8ISW08I83wX6VJuH0Ja\/8FiWxNnH+Ai3SlJjJhuk49id1Yw4mSXZ8jvVv5UwGXcIGiI6B0mhLZ+A10L6EpKDfeBwW1y7ll9X6Tp66XFf4oxdv3GVbO9k"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1213662198298,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662198298,"pkt":"AAAMB6wIABVYKKDoCABFAAAwD5EAACARi7gKGSA7QMiUWE3sAFAAHNz5AgUCAE9LWIs\/euHNAAAE5AIEAQA="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} -00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1213662198298,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198298,"pkt":"ABVYKKDoANABJAf8CABFAAA4wMIAAP8BppIKGSADChkgOwMN0aAAAAAARQAAMA+RAAAfEYy4ChkgO0DIlFhN7ABQABzc+Q=="} 
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1213662198301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1213662198301,"pkt":"AAAMB6wIABVYKKDoCABFAAAsD5IAACARi8EKGSA7QMiUUk3sB5wAGMoHAgQkALiJxyqdfRurkGvxcg=="} -00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1213662198488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198488,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5cAAAQRp8QKGSA7QMiUVk3sIrgADIy+AgEBAA=="} 
-00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1213662198488,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198488,"pkt":"ABVYKKDoANAreRD8CABFwAA4pIcAAPwBJOPYqPGdChkgOwsADhsAAAAARQAAIA+XAAABEarEChkgO0DIlFZN7CK4AAx2NA=="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 
-00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1213662198700,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198700,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD6YAAAYRpbUKGSA7QMiUVk3sIrgADIy+AgEBAA=="} -00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1213662198701,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198701,"pkt":"ABVYKKDoANAreRD8CABFwAA4\/Y8AAPoBuFQET9t9ChkgOwsADhsAAAAARQAAIA+mAAABEaq1ChkgO0DIlFZN7CK4AAx2NA=="} 
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1213662200284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662200284,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEAgAACARi0EKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1213662200285,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662200285,"pkt":"ABVYKKDoANABJAf8CABFAAA4wRIAAP8BpkIKGSADChkgOwMN8aAAAAAARQAAMBAIAAAfEYxBChkgO0DIlFhN7ABQABy8+Q=="} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1213662202284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662202284,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEJ8AACARiqoKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1213662202285,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662202285,"pkt":"ABVYKKDoANABJAf8CABFAAA4wVoAAP8BpfoKGSADChkgOwMN8aAAAAAARQAAMBCfAAAfEYuqChkgO0DIlFhN7ABQABy8+Q=="} -00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":3274,"flow_first_seen":1213662198289,"flow_last_seen":1213662202882,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":1241,"flow_tot_l4_payload_len":3714566,"flow_avg_l4_payload_len":1134,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":120000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":180000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":180000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1213662198289,"flow_last_seen":1213662198301,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1213662198289,"flow_last_seen":1213662198301,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":200000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662195077,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213662195077,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1033,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1033,"pkt_l4_len":999,"thread_ts_msec":1213662195077,"pkt":"\/\/\/\/\/\/\/\/ABVYKKDoCABFAAP7D3UAACARXSoKGSA7\/\/\/\/\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"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1213662198289,"pkt":"AAAMB6wIABVYKKDoCABFAAFTD48AACARip0KGSA7QMiUUk3sB5wBPyUCAgUEALiJxyqdfRurkGvxcQAAAAHGclB+GpXQo7ilG\/X+QBPHZNzcc2Vgl8HXEWakCXkI\/uj8lmIl1eBkbhN4MvAcq86Z98N3bIP98eTWEBdQEYXavGuDSMiGARvJZed\/c1zWfWkiBQDMPgD+Ih+\/PJjSy0mU1LUYMuUE02zzTShWQfCvM2Xa9SOg6ec0xfxrP6bVssVjaXJqz1AT6v7o8NtJtnsERCco1F8aGfNVg8yXB5v\/LbWp1E2sz6l3Uqjqcfx5ZJSkZLl83RIr7uaKcsAZozQEdGaeqFqM+vh1lG8CYU5v3cUXR+iWSzTqhorAV8WhTpNJoFMNHVApj2b53cJQug6cwf67kqgCY5\/UQxlKUrAgIAb+T+C6ITKs8wNPNWZJmf3s1l4sH4nkFe9HNSIG47QjMrQ="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198289,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5AAAAIRqcsKGSA7QMiUVk3sIrgADIy+AgEBAA=="} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 
+00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213662198289,"pkt":"ABVYKKDoANAreRD8CABFwAA8nDwAAP4B8kgKGfkOChkgOwsA9I8AAAAARQAAIA+QAAABEarLChkgO0DIlFZN7CK4AAyMvgIBAQA="} +00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.304229} 
+00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1213662198292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1213662198292,"pkt":"ABVYKKDoANAreRD8CABFAADuAABAADQRRpFAyJRSChkgOwecTewA2iL0AgUEADrI\/CCQa\/FynX0bqwAAAAEU3Ww9OKrYuWJ\/RoFyF3QkawgIztP7rZEqNEZAvKFqVsbVX6Q7o7C1GOOdgQ95sj8arDoplqug4W5ycMyrjvQQyOwCiAR\/6y2A+p1htTIZLrGyKHiEi2Jp9hwzPzovQAePahwaDoff8ISW08I83wX6VJuH0Ja\/8FiWxNnH+Ai3SlJjJhuk49id1Yw4mSXZ8jvVv5UwGXcIGiI6B0mhLZ+A10L6EpKDfeBwW1y7ll9X6Tp66XFf4oxdv3GVbO9k"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1213662198298,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662198298,"pkt":"AAAMB6wIABVYKKDoCABFAAAwD5EAACARi7gKGSA7QMiUWE3sAFAAHNz5AgUCAE9LWIs\/euHNAAAE5AIEAQA="} 
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} +00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1213662198298,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198298,"pkt":"ABVYKKDoANABJAf8CABFAAA4wMIAAP8BppIKGSADChkgOwMN0aAAAAAARQAAMA+RAAAfEYy4ChkgO0DIlFhN7ABQABzc+Q=="} 
+00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1213662198301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1213662198301,"pkt":"AAAMB6wIABVYKKDoCABFAAAsD5IAACARi8EKGSA7QMiUUk3sB5wAGMoHAgQkALiJxyqdfRurkGvxcg=="} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1213662198488,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198488,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5cAAAQRp8QKGSA7QMiUVk3sIrgADIy+AgEBAA=="} 
+00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1213662198488,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198488,"pkt":"ABVYKKDoANAreRD8CABFwAA4pIcAAPwBJOPYqPGdChkgOwsADhsAAAAARQAAIA+XAAABEarEChkgO0DIlFZN7CK4AAx2NA=="} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 
+00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1213662198700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198700,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD6YAAAYRpbUKGSA7QMiUVk3sIrgADIy+AgEBAA=="} +00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1213662198701,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198701,"pkt":"ABVYKKDoANAreRD8CABFwAA4\/Y8AAPoBuFQET9t9ChkgOwsADhsAAAAARQAAIA+mAAABEaq1ChkgO0DIlFZN7CK4AAx2NA=="} 
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1213662200284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662200284,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEAgAACARi0EKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1213662200285,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662200285,"pkt":"ABVYKKDoANABJAf8CABFAAA4wRIAAP8BpkIKGSADChkgOwMN8aAAAAAARQAAMBAIAAAfEYxBChkgO0DIlFhN7ABQABy8+Q=="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1213662202284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662202284,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEJ8AACARiqoKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1213662202285,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662202285,"pkt":"ABVYKKDoANABJAf8CABFAAA4wVoAAP8BpfoKGSADChkgOwMN8aAAAAAARQAAMBCfAAAfEYuqChkgO0DIlFhN7ABQABy8+Q=="} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":3274,"flow_first_seen":1213662198289,"flow_last_seen":1213662202882,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":1241,"flow_tot_l4_payload_len":3714566,"flow_avg_l4_payload_len":1134,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":200000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":200000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1213662198289,"flow_last_seen":1213662198301,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1213662198289,"flow_last_seen":1213662198301,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":3289,"packets-processed":3289,"total-skipped-flows":0,"total-l4-data-len":3716430,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1213662202883} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3289/3289 |