author | Toni Uhlig <matzeton@googlemail.com> | 2021-10-08 11:12:32 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2021-10-08 11:31:58 +0200 |
commit | 315f90f9828ddfa2e580f45afb1a3d6804bab923 (patch) | |
tree | 6433d64724d5988dbc9edca4fe933a35ac05e415 /test/results/nest_log_sink.pcap.out | |
parent | fe77c44e3f6e70e4dfa7c7aa4248f9964518d4f3 (diff) |
Fixed invalid "flow_last_seen" timestamp for the first packet.
* After the first packet was processed, "flow_last_seen" was still 0.
This behaviour is invalid as the first packet may contain l4 payload data e.g. for UDP
and it also breaks nDPId json consistency "flow_first_seen" > 0, but "flow_last_seen" == 0.
* JSON schema: set minimum timestamp value for Epoch timestamps to 24710 for flow_*_seen and
1 for pcap packet ts. Those values are dependent on some manipulated pcaps in libnDPI/tests/pcap.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/nest_log_sink.pcap.out')
-rw-r--r-- | test/results/nest_log_sink.pcap.out | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out
index dadbce617..e6d16bd9f 100644
--- a/test/results/nest_log_sink.pcap.out
+++ b/test/results/nest_log_sink.pcap.out
@@ -1,5 +1,5 @@ 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255} -00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1536712992228,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1536712992228,"flow_last_seen":1536712992228,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00421{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536712992,"pkt_ts_usec":228658,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536712992,"pkt_ts_usec":289465,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713052,"pkt_ts_usec":295189,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 
@@ -15,12 +15,12 @@ 00421{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713233,"pkt_ts_usec":3980,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2gAAP8GYxTAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00415{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713233,"pkt_ts_usec":69799,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNppAAC0G7eIjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00422{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713293,"pkt_ts_usec":69829,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2kAAP8GYxPAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} -00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00454{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":587299,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} -00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00474{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":587655,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUsrpAAEARInzAqPIBwKjyDwA1znEAQGW0CwiBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1536714602612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1536714602612,"flow_last_seen":1536714602612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":612148,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL4oAAP8GGxPAqPIPI7yauvduK1cIvyQjAAAAAGACEgDGgwAAAgQEgAAA"} 00422{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":681891,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX927RT8zNCL8kJGASbvDKWAAAAgQFjA=="} 
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":684345,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL4sAAP8GGxbAqPIPI7yauvduK1cIvyQk0U\/MzlAQEgA+3gAAAAAAAAAA"} 
@@ -41,7 +41,7 @@ 00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1536714602587,"flow_last_seen":1536714607328,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00574{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":527675,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"GLQwJjRAAJD7JidrCABFAACbt7BAAEARHT\/AqPIBwKjyDwA1znEAh2X7bMaBgAABAAIAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAHADAAFAAEAAAB4ACgRZWMyLTM1LTE3NC04Mi0yMzcJY29tcHV0ZS0xCWFtYXpvbmF3c8AywEcAAQABAAj0MQAEI65S7Q=="} 00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":213,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}} -00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1536714607530,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1536714607530,"flow_last_seen":1536714607530,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":530778,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL7MAAP8GYsXAqPIPI65S7fdvK1cIymiPAAAAAGACEgDJ5gAAAgQEgAAA"} 
00424{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":594881,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX92+qr\/jxCMpokGASaQPN\/AAAAgQFtA=="} 00423{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":597463,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"} 
@@ -58,7 +58,7 @@ 00585{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":883943,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiL7kAAP8GYknAqPIPI65S7fdvK1cIymxrqq\/701AYDx9gXwAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQY+yHq8Hj1RzfgRN3XTu0+CiEKTy6+IzsA+mU6qvgBBUGVq3W78i5YloI79fuBd0YFwMzvdhnYb7vbqINLTsbYAHyNdClS55D32zHd4eHou\/xLB34fZkfI+mh+OB7vzJ\/vTPU="} 01275{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":948271,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdsiBAAC0Gb+cjrlLtwKjyDytX92+qr\/vTCMps5VAYcRColAAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQY+yF5gSMY5j0IRomX+JCupCk+ve5lJYBi5D7VXnN7yVh9WHY40fMHjsqX5vrgg7qCzOb3S7+s3MTpPrGcIcVehoh0hNE\/AUh\/l05LIJcfsYEUayujDOVQKSljRpx5pGdv3dngLjYDnAr+L4Ha13T3Du3LWCR0P670Xeu9JdPkJfYH+zEGsJQ+2VbZjZXJX5fdNzKoWqycH7dGyCw2ac1\/iOMgwCNM7ba8sSyJnWE4r1SzIBIR1InIILVl1F4DglLIcY9ku9DTMXpi\/hZ2YRM9SdkPLe2UuM1DK6JKV6VuRBixRswGUn+jIRDzdkahkt7pyJgLKPaJdZ+fjcxWD\/8NIzc08afSf18XAgPDcQkKOKfxxB0i6WLR0QUKBFugdRgIQiKn6rNIHdsMKAzlaqvmI0Ac8LbTXoe6+U56JKHvMdVKTlB\/G6lDcqoYVrw+6WzTUfhzse\/hxqHjCfVIv46PtZr5wJBElba\/NuPvH5MTYXLhPfopbHFO0E+984emZYu\/6gdyMYjERy7ehecQCvEa\/gPNJuvt4D+WU6vh+iboJi245pEDd4P8EcCv81b0FNLNGkdfqX0BDMnofBVXA6wcO85ZdCEuvj+BMPm9S7ttt5zK0K1BuVL8EYaYj9OIrlp8+yxkRFg9etPwjIpPjb4y\/CewBUWAbv9tBaY6xQge\/xgkq+RJG3WYbazKLOC3hmWFDk0b4GwzSW+A2t\/Ri+9DCUggDMHw\/FglQSdpXOk6X5GqSuq9\/1GuBHnpRmsBRnhFrYEq1k2eq6QvJ1VlEobomVL5KDvX\/cKzW1+i8k8="} 
00424{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":962073,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7oAAP8GYsLAqPIPI65S7fdvK1cIymzlqq\/+SFAQEgAzEgAAAAAAAAAA"} -00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1536714610253,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1536714610253,"flow_last_seen":1536714610253,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00423{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714610,"pkt_ts_usec":253460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"} 
00422{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714610,"pkt_ts_usec":314466,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="} 00422{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714610,"pkt_ts_usec":318069,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"} 
@@ -80,12 +80,12 @@ 00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00456{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":804764,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} -00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": 
{"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00474{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":805070,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUcEtAAEARZOvAqPIBwKjyDwA1znEAQGW0d92BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} -00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1536716402828,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1536716402828,"flow_last_seen":1536716402828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":828004,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL\/gAAP8GGqXAqPIPI7yauvdxK1cI4Q21AAAAAGACEgDczAAAAgQEgAAA"} 
00422{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":889007,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93El8kNOCOENtmASbvAVfwAAAgQFjA=="} 00423{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":894336,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/kAAP8GGqjAqPIPI7yauvdxK1cI4Q22JfJDT1AQEgCKBAAAAAAAAAAA"} 
@@ -106,7 +106,7 @@ 00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1536716402804,"flow_last_seen":1536716407003,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00573{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":116756,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"GLQwJjRAAJD7JidrCABFAACbebVAAEARWzrAqPIBwKjyDwA1znEAh2X7MiOBgAABAAIAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAHADAAFAAEAAAB4ACgRZWMyLTM1LTE3NC04Mi0yMzcJY29tcHV0ZS0xCWFtYXpvbmF3c8AywEcAAQABAAjtKQAEI65S7Q=="} 00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}} -00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1536716407119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1536716407119,"flow_last_seen":1536716407119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":119984,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCAAAP8GYljAqPIPI65S7fdyK1cI7G5zAAAAAGACEgDD3QAAAgQEgAAA"} 
00422{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":186187,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93Kf6ho7COxudGASaQOxbwAAAgQFtA=="} 00422{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":188905,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"} 
@@ -123,7 +123,7 @@ 00584{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":486645,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiMCYAAP8GYdzAqPIPI65S7fdyK1cI7HJPn+odHVAYDx+\/0QAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQYzy6ryDEujkZ2T+O19ZqyWNx5+FQrxlzTPBdpP9gztpQhKCX5iltTclThZpeFGoN8\/JlPFRlM2BsZDWYQZX1pDRaFiJ6oKEh+8AZIhz0AD9Bd2Fw+dpNEUXaUEa9Y3aWUtTg="} 01272{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":549606,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdMnRAAC0G75MjrlLtwKjyDytX93Kf6h0dCOxyyVAYcRDTcQAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQYzy4dy2T3uPHoJ5nDkHN5aOILK\/s0WecYf6P8S5FsG4cRnGvPUqp0bkK7R+RTjACAMHxtDciQOXBsmeSoSCTV1D0wlWNVeBu0ghnZ0IongGwrBGbaef67k11IXiS\/KcMV5aATZIzGi\/uHV6tkHJqfo4Ltfvil\/UngR8KDKi3yz6ZTCF6fqdsJ2yb9VQ1EbUuMA0OjIak+3myS06OAON6R567\/fINVJIzGc7LwDdXbK6bZT+rSnLO\/70HvJ\/4GRYr\/V3yDybJNfmHQ9Mt5EZvO6hmjKg8fghDdikOMV0amqoAijgMNo2RMJdfJP3zTqazQtCMPVftqnGXdQIabgeMEZvbu7gnYSZC3LPXgse0x40+KIcTTlF0Tnk2nG4NWd0SID6H0HYpk7uM+VWZeDhpHohnMGNgYb0+DrV5fzQqtWqWYSlYMKWV2L3Yu5pEU38j8NsYrO2YJ6MApWm\/sZlC6dtsvFHPSPyAp0S83G7IzHir+G5x5\/Zfl0XdNcMrcBLzbhJpN\/bKKcARCJfC+VbX4Z3TrfGOao\/WBoWsaz8M35OhLYwzwjqLDt\/4u1aUzx4gpHpg7eVddmcWFUXaEBTqhfEUccjF48C+kEUT7GxDBXc3ov0aYEbjYLVQDbtO8Ixbn\/kpiezH5l0cGPQGURjvXIBDXz6s76Iy9iJocif9O+L9eRwc9hudufPA9XFt3OoLUbcAL+CoZyrLlxeOULNuLLJLeV2GnHyLdgGmegolNO4bWuNjECt65xxXDr6dWG8OgkT7iWwVgo1rkZA6j7XJWbrmVJzeQwzFngRtmdVI="} 
00423{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":559472,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCcAAP8GYlXAqPIPI65S7fdyK1cI7HLJn+ofklAQEgAWhQAAAAAAAAAA"} -00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1536716409847,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1536716409847,"flow_last_seen":1536716409847,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":847406,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"} 
00423{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":908176,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="} 00422{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":910872,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"} 
@@ -144,13 +144,13 @@ 00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00455{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717427,"pkt_ts_usec":961883,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} -00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": 
{"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00455{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717427,"pkt_ts_usec":984158,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEMFAAAP8RJfbAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00475{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":84913,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUzkdAAEARBu\/AqPIBwKjyDwA1znEAQGW0Tp6BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 
00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} -00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1536717428089,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1536717428089,"flow_last_seen":1536717428089,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
00422{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":89363,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMFEAAP8GGkzAqPIPI7yauvd0K1cJA0ANAAAAAGACEgCqTwAAAgQEgAAA"} 00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":146200,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93SD5IA7CQNADmASbvBIIgAAAgQFjA=="} 00424{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":152738,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFIAAP8GGk\/AqPIPI7yauvd0K1cJA0AOg+SAPFAQEgC8pwAAAAAAAAAA"} 
@@ -171,7 +171,7 @@ 00710{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1536717427961,"flow_last_seen":1536717449934,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00574{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":88270,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"GLQwJjRAAJD7JidrCABFAACb\/6BAAEAR1U7AqPIBwKjyDwA1znEAh2X7YUyBgAABAAIAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAHADAAFAAEAAAB3ACgRZWMyLTM1LTE3NC04Mi0yMzcJY29tcHV0ZS0xCWFtYXpvbmF3c8AywEcAAQABAAjpFgAEI65S7Q=="} 00710{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":673,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}} -00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1536717450091,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1536717450091,"flow_last_seen":1536717450091,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":91191,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMG8AAP8GYgnAqPIPI65S7fd1K1cJDrE1AAAAAGACEgCA9gAAAgQEgAAA"} 
00423{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":156309,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="} 00423{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":159277,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"} 
@@ -191,7 +191,7 @@ 00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1536718052990,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00423{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718052,"pkt_ts_usec":990525,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 00422{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718053,"pkt_ts_usec":59160,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} 
00422{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718053,"pkt_ts_usec":62757,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"} 
@@ -209,12 +209,12 @@ 01275{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":427492,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdsfhAAC0GcA8jrlLtwKjyDytX93aQyeE0CRovZVAYcRBJ9AAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQYuSDinmqKzVmF\/eXMTOuZcdK+ib75BwO2oRGiiEDaK+3Pnw6Qs3C2noqSiwxhZsWJqdX1dyfTcKsrWwY6rO88+9mzSYz7OLdrdI3Slhl6kFBlRJX1kIcqD9ANTwvp+eTpzPxf3v2eUNECf4c1wvLKvfCJ2DzlvA+9R22EhnwlvZ\/jXuZ4phZepXDYHL\/B3Ss7IGKhJqNLeKkNPk25T3KCgYS54n\/QME\/NXSW1MnR1xtMeue+XPaQa+H\/sQSz+Jftw5+hEy1LhPQrs4pdXJFqRa4dLsnZde2pfv9bCWv+7g4e0jB+2u8pZ8agAkiO4w5ENbZ5RETWjHG+3czkYpXrKJ0sVYYZ0QMi2ckLWdLtdUEbKekl9junNF7tzxieYQO44X4FWADbiNFAL0YXsSu8dJZnutXQtU1DTEumsVdmK8\/YJW\/J1Ra5OniITRIzML7ukbj8J0uachhaLaUkjn5HJHDNQhhapIVEhlCRmOA6uG\/uNuT3SJP7\/5GaOxIzMsS+8HpIlBYra8Eqqtf71DzobHQta6dCKrA3HOPFkSqdxhABE2ev1QwKTvtA4TFr1G0l3s4cWsd\/LI1urCmjHwxJNKWPepNStz+IayuBnhlcYYVQjYFVcm9HCNy046dvNAzpSWuf8rCZg0ZiIkgveI5XtAdGedXl56vAdgQGvLl1ctNPHojREl\/N2ClrxOHSQOHDPpgB\/5Ietx76wgHSTe3iphyBZWgFW4P\/iZ2CTKja71Kgqv6dIFclTSEBenmTt6a+aEnlQUOlUkb0\/KXZkWP1a5v+iBRUsfhAZg\/KIQeI="} 00424{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":437112,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJIAAP8GYerAqPIPI65S7fd2K1cJGi9lkMnjqVAQEgCkwAAAAAAAAAAA"} 
00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":775,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00455{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718202,"pkt_ts_usec":959606,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00475{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718202,"pkt_ts_usec":959785,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUb5VAAEARZaHAqPIBwKjyDwA1znEAQGW0wpuBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 
00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} -00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1536718202984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1536718202984,"flow_last_seen":1536718202984,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
00423{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718202,"pkt_ts_usec":984094,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMJsAAP8GGgLAqPIPI7yauvd3K1cJJajVAAAAAGACEgBBYgAAAgQEgAAA"} 00422{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718203,"pkt_ts_usec":39605,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93fElurmCSWo1mASbvAz1wAAAgQFjA=="} 00422{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718203,"pkt_ts_usec":42198,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJwAAP8GGgXAqPIPI7yauvd3K1cJJajWxJbq51AQEgCoXAAAAAAAAAAA"} 
@@ -231,7 +231,7 @@ 01038{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":306592,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMKEAAP8GGDnAqPIPI7yauvd3K1cJJatixJbtx1AYDyCARAAAxQEQEwEAAAA2nicAADC0GAQAAAACMLQYySim\/6WfDHyGhiYdkOdlffoUo+Ifpc1p5N2K5+L8oe31Ch6pwdfuUuAwXADSEGtH0AWRKDzXHJQUXtIfsfhk\/dOO\/P8MfUa7yj+4duxp+HzQRSQnbUKMWWJTc68VzUG6DtxH9F3a7neZ8jZnPvu9v9V1OYIY3\/pSKATwhNAM3o+tNJoWdA8sclQpsC0+nbA+qKxcY5GthBmQHi9wYGQrY1tkU2N7BSpvRLFFZENSy63DS1B+qeHaGLGpOK+KZAi1qFlF0DLrBmvYreuNJRrzWcJQmbaN+WhJrborLuntUQxFr99USFjOoG\/iLho1cuo4ncOqXf+Ihdd0TdjoHYMFa0a\/\/AGIWn0rBCW+ZL0L7xEUMnVdQ6O9MHcKTEAaYb7uqDneE6O6V\/yotDZzUKxTW5U4Vxzxa8N4O266kptCnUs0N+\/JeA25LOJkeHazeWdVfb+L5SvW7Xb9VtbwJIgILLYtSP6OIl2f8UpZvj4YXvA8Ucky4GpNjZOFWBrbL10SmY\/txKHJH7bgZUP7HA+gDvUAe4\/PZOW3M81k8M75cZYOAyQHtjCbTkP5EXMfwXQ="} 00496{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":359195,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABfdONAADcGXYcjvJq6wKjyDytX93fElu3HCSWtKVAYdUBzegAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQYySigtyBx\/khTQjemURb\/Qs+w7XQP60GdxNpwF6Jvbg=="} 
01038{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":372654,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMKIAAP8GGDjAqPIPI7yauvd3K1cJJa0pxJbt\/lAYDumVYQAAxQEQEwIAAAA2nicAADC0GAQAAAACMLQYySj2gOCU5OUe+hKIMqISfhEJUZTxcbRhi4Zjm1PMuTVRzBWgvxlv2kfHKDUXJqiAwSDszOCybiev996mpGlBr3j\/r6gkAXuuRTyK3GpQ0CWUcjk39\/UuNA8irC7ymwxtoIQR\/cEFeqZ9O4aMCKICY1hdU\/5p43y20AHxz8j0FZIBv3+wStJEGGAsh4rj0GpPc68V0HumhHqgdtBuLt7rMBKtOPn2\/Gw+M7o2ZPrvmOOmOmzogsyIUXeYyJQyQG2t8CgmTtOPP\/f7L3n8a9ulfVGBKMeiSf5CODdfiOrUGeloOWvjNLTHHsWwkGkEjIMEdNH06bog7hPXHOfxzQMBSxFnlLeaHgxvGX\/4Jo2iAnujkr7sBUWsbdpFQYhUIQ7MYT2sOFCheIiTAtuxz0jw9WCvA\/OnIhfzPXVEKc1zrQH6raizlc401D7XypPqQaAVqtGHQkteOcH2kSWTL8vmESxsXgKLwvkaYdy\/gF3RwED9N\/vMPX9AYIgnJeGGLpe0Xd3nH+TZovEmMCiLrOy95303Un1qCc9z9hOU7WdW9ULp75W6KJaBtsv742zp12g="} -00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1536718206572,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1536718206572,"flow_last_seen":1536718206572,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00423{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718206,"pkt_ts_usec":572751,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"} 00423{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718206,"pkt_ts_usec":638073,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="} 00424{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718206,"pkt_ts_usec":640512,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"} 
@@ -248,7 +248,7 @@ 00585{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718208,"pkt_ts_usec":945900,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiML0AAP8GYUXAqPIPI65S7fd4K1cJMSm+5vF+0lAYDyCI4wAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQY\/ShK0JLmziBERUFnGG0cwYT5bCaOFhPKR4uycJ3vJGk8vwstkOwQb+MkapwZeHB+v5UdsgTG+DBzLtOB3L0zWSOlSNeHiCGqolQAqCBhm9+\/qzANLhbJTQB3xKp7uCIvees="} 01271{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":9058,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdfm5AAC0Go5kjrlLtwKjyDytX93jm8X7SCTEqOFAYcRDrOwAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQY\/SjG21LhIa72I6MxufV\/e+zFbjYn88L8VGuYMHImo+YXoCEKyg6eNPc7YLFfCOr7EkERSelfsamWTS8cpNlR9e535EZICJFdTAKOg+iFKvvWn2lh7aCf3lssBRd33BwbB\/LDe\/r6hddy\/LsL7EafeDSLZCOkNRuZHVZTrU7itNxYetrUTLEDENkX5nzBmvGOiCPoqLZYBSNFAK5X1mXN3g7RSAi7jkcwe2roMoBnbzsqKFlpJDYBXTFmRv5xqfVSKoqbJj2BmjjLMujD7tk57ByiU8gMMayXLRlM+QNAHfjYGbrq\/SOiCBe0hVJ7t6oQv3nFBVFdI5tpEAGT1sDRlxdKzvLH3WoHN5Z8q9mO3bE40B7I0uFYzdg8c8ZU5AWoGkscU9eTIREJf\/Z0ESij5+8DxKftH8mOVjV7dVF1b\/LHUAkAezZFXcV7u3sjB73rzGT3C59IxWsbstKMlWXOpOHLNJh64m3\/iItTzAQK\/4qBPdQ6t4QQo+k5BsZtzSr4sR5oZggAQ\/Ylmg7w+QjP6ZR2jFjL9jPYGCB7JmE5EkDqZiDU9nF6kPWvgz4cAmBIk6JEsibjOWig9J9YRd2e2CP0+6ecPeQqmITCbUlz1K7iIXr1hsOFYS2WrpXt1kNCSifLiO\/ua97ANFXwkWpWEpYh72yDpqyOwdPCFq24QsBytqt5Kzl3AkU9YBl3J\/wtEUsDN\/uyS107Nq1NiFSoq23YH9na5iDWP5QEIvGGOgkri2FfatYHj6cijvbN3un7F7jDO3MLYNEQ2JXIv8MrcUtMB9eQRZIXohzlvDY="} 
00423{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":19114,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoML4AAP8GYb7AqPIPI65S7fd4K1cJMSo45vGBR1AQEgC2DgAAAAAAAAAA"} -00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1536718209313,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1536718209313,"flow_last_seen":1536718209313,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00423{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":313555,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"} 
00423{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":383517,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="} 00423{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":385963,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"} |