aboutsummaryrefslogtreecommitdiff
path: root/test/results/monitoring/telegram_videocall_2.pcapng.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2025-01-25 09:14:02 +0100
committerToni Uhlig <matzeton@googlemail.com>2025-01-25 10:07:25 +0100
commit471ea834933dd089b49777d595cef9f612bdb709 (patch)
tree85a8600d268ede6bc705a3ba1aec109cc959f5b9 /test/results/monitoring/telegram_videocall_2.pcapng.out
parent064bd3aefa7a4f98b4c3c079e03df37c1b0b5125 (diff)
bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55
* incorporated upstream changes Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/monitoring/telegram_videocall_2.pcapng.out')
-rw-r--r--test/results/monitoring/telegram_videocall_2.pcapng.out80
1 files changed, 80 insertions, 0 deletions
diff --git a/test/results/monitoring/telegram_videocall_2.pcapng.out b/test/results/monitoring/telegram_videocall_2.pcapng.out
new file mode 100644
index 000000000..27cd84137
--- /dev/null
+++ b/test/results/monitoring/telegram_videocall_2.pcapng.out
@@ -0,0 +1,80 @@
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347}
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731946730424347,"pkt":"AQBeAAD7dNo47VMyCABFAABJz2FAAP8R\/pzAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"}
+01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731946733955605,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="}
+01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900337,"pkt":"dNo47VMyYhO2esBpCABFAAA4MVhAAEAR15vAqAxDW2wJapwgBXgAJPquAAMACCESpEJqbjEvdGFsZ2dHd3IAGQAEEQAAAA=="}
+01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900481,"pkt":"dNo47VMyYhO2esBpCABFAAA4CeVAAEAR+3XAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900572,"pkt":"dNo47VMyYhO2esBpCABFAAA4bgpAAEARkyLAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
+01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740900678,"pkt":"dNo47VMyYhO2esBpCABFAABEEnFAAEAR9tbAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
+00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901087,"pkt":"dNo47VMyYhO2esBpCABFAABE+u5AAEARBlvAqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
+00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901130,"pkt":"dNo47VMyYhO2esBpCABFAABEAY5AAEARA6rAqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
+00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740924754,"pkt":"YhO2esBpdNo47VMyCABFAAB446VAADMRMg5bbAlqwKgMQwV4nCAAZJQXARMASCESpEJqbjEvdGFsZ2dHd3IACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NDQ3YzBhODM4ODc3NDYzABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABE+Mpgc="}
+01199{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731946740924754,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}}
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946740924787,"pkt":"YhO2esBpdNo47VMyCABFAABc7RxAADQRKBNbbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="}
+00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731946740929880,"pkt":"dNo47VMyYhO2esBpCABFAACYMVpAAEAR1znAqAxDW2wJapwgBXgAhAJ3AAMAaCESpEJsTFp4REFIYU15dVIAGQAEEQAAAAAGAB0xNzMxOTY4MzQxOjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTQ0N2MwYTgzODg3NzQ2MwAIABR2KtKB33CStbawXfNsZh\/G\/qvnnA=="}
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740957073,"pkt":"YhO2esBpdNo47VMyCABFAAB446ZAADMRMg1bbAlqwKgMQwV4nCAAZDpdAQMASCESpEJsTFp4REFIYU15dVIAFgAIAAGyOHp+rSgAIAAIAAG4bXwxDtIADQAEAAAAPIAiAAROb25lAAgAFJlm+aznLL1e9oLm1nndfGyxhvvEgCgABLF4z2o="}
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741023286,"pkt":"YhO2esBpdNo47VMyCABFAABcXThAADERtudbbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="}
+00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741048373,"pkt":"YhO2esBpdNo47VMyCABFAABcZP9AADMRqTJbbBEIwKgMQwJVtlMASPRsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146448,"pkt":"dNo47VMyYhO2esBpCABFAAA4CfFAAEAR+2nAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
+01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146448,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146793,"pkt":"dNo47VMyYhO2esBpCABFAAA4bhJAAEARkxrAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146793,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415294,"pkt":"dNo47VMyYhO2esBpCABFAABEEpBAAEAR9rfAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
+00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415371,"pkt":"dNo47VMyYhO2esBpCABFAABE+wxAAEARBj3AqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415476,"pkt":"dNo47VMyYhO2esBpCABFAABEAZpAAEARA57AqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="}
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741438361,"pkt":"YhO2esBpdNo47VMyCABFAABc7YBAADQRJ69bbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="}
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741455021,"pkt":"dNo47VMyYhO2esBpCABFAACUEpNAAEAR9mTAqAxDW2wJCqzzAlUAgHyHyTuYM2k\/Rq6r+4eN3ZN1HXFa7KgAAABgAAEATCESpEJGSHIzakJmWDlZZFMABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABRP6D96wpT\/fEBrc+uxm4DhzbqVVYAoAAQMwkOe"}
+01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741455021,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741535530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741535530,"pkt":"YhO2esBpdNo47VMyCABFAABcXUJAADERtt1bbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="}
+00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741562289,"pkt":"YhO2esBpdNo47VMyCABFAABcZT9AADMRqPJbbBEIwKgMQwJVtlMASPNsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD2aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="}
+00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741563039,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731946741563039,"pkt":"dNo47VMyYhO2esBpCABFAACcMZVAAEAR1vrAqAxDW2wJapwgBXgAiIiMAAgAbCESpEJMS2hqRmNPSktXYS8AEgAIAAHvmHp+rSgABgAdMTczMTk2ODM0MToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDk0NDdjMGE4Mzg4Nzc0NjMACAAUfZYAz1TCSseNGKU6e+wfgKw\/POI="}
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741638435,"pkt":"YhO2esBpdNo47VMyCABFAACUXU5AADERtplbbA0awKgMQwJWpbEAgLnOyTuYM2k\/Rq6r+4eNjxlZTO1GBpwAAABgAAEATCESpEIwM1UvU3NIOVJGMEUABgAJMkdTaDpRU2gxAAAAwFcABAADA4SAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABTXPLZETMdJvNRvTRPxblog6S0sPoAoAAT2Mcen"}
+01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":248,"midstream":0,"thread_ts_usec":1731946741638435,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741647287,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741647287,"pkt":"dNo47VMyYhO2esBpCABFAAA4CgNAAEAR+1fAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741648442,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741648442,"pkt":"dNo47VMyYhO2esBpCABFAAA4biRAAEARkwjAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741797117,"pkt":"dNo47VMyYhO2esBpCABFAACU+zBAAEARBcnAqAxDW2wRCLZTAlUAgPrbyTuYM2k\/Rq6r+4eNp\/o6mYvDr3MAAABgAAEATCESpEJOaDNhdFBKSlg5a20ABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTs6d5ccQOT\/RksJw\/DwndeFN1ti4AoAASntpvk"}
+01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741797117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}}
+02387{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":90,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946742240391,"flow_dst_last_pkt_time":1731946742264226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":262,"flow_src_tot_l4_payload_len":2187,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1731946742264226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":87224.0,"max":633159,"stddev":149549.7,"var":22365106176.0,"ent":3.7,"data": [24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564]},"pktlen": {"min":56,"avg":146.8,"max":680,"stddev":107.0,"var":11452.5,"ent":4.8,"data": [56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89]},"bins": {"c_to_s": [1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742647652,"pkt":"dNo47VMyYhO2esBpCABFAAA4CkNAAEAR+xfAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="}
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742649019,"pkt":"dNo47VMyYhO2esBpCABFAAA4boZAAEARkqbAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="}
+02244{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742282512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":1980,"midstream":0,"thread_ts_usec":1731946742884971,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14,"avg":108584.7,"max":699013,"stddev":167856.0,"var":28175654912.0,"ent":3.8,"data": [24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013]},"pktlen": {"min":68,"avg":160.0,"max":624,"stddev":120.1,"var":14426.0,"ent":4.7,"data": [68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148]},"bins": {"c_to_s": [0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0],"entropies": [4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01175{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":120,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946743383191,"flow_dst_last_pkt_time":1731946743371372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1193,"flow_src_tot_l4_payload_len":45388,"flow_dst_tot_l4_payload_len":65505,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}}
+01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946742336578,"flow_dst_last_pkt_time":1731946742616857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":776,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742970662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":2068,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946742234615,"flow_dst_last_pkt_time":1731946742577561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1731946743383191}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 315/315
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 118015 bytes
+~~ total detected protocols..: 8
+~~ total active/idle flows...: 8/8
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 7511070 bytes
+~~ total memory freed........: 7511070 bytes
+~~ total allocations/frees...: 126263/126263
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 570 chars
+~~ json message max len.......: 2392 chars
+~~ json message avg len.......: 1480 chars
Powered by cgit, Themed by Ted Yin.