diff options
| author | lns <matzeton@googlemail.com> | 2022-04-26 11:30:41 +0200 |
|---|---|---|
| committer | lns <matzeton@googlemail.com> | 2022-04-26 11:44:31 +0200 |
| commit | 4fde63b5c27f0e3b809545d9e877c2218148b475 (patch) | |
| tree | 9948cc99596bff54a234654fe5bc4584c9620037 /test/results/ocs.pcap.out | |
| parent | 0385653023d21ac693ecc4d47070a244739507c2 (diff) | |
Small fixes.
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/ocs.pcap.out')
| -rw-r--r-- | test/results/ocs.pcap.out | 210 |
1 files changed, 105 insertions, 105 deletions
diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out index 36f643c28..44df68e95 100644 --- a/test/results/ocs.pcap.out +++ b/test/results/ocs.pcap.out @@ -1,110 +1,110 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocs.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1449652784341} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652784341,"flow_last_seen":1449652784341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652784341,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1449652784341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652784341,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1449652786071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":63,"pkt_l4_len":43,"thread_ts_msec":1449652786071,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocu03.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1449652786098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":70,"pkt_l4_len":50,"thread_ts_msec":1449652786098,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"dns": {"query":"settings.crashlytics.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1449652786130,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":67,"pkt_l4_len":47,"thread_ts_msec":1449652786130,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"api.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786135,"flow_last_seen":1449652786135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786135,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1449652786135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786135,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786152,"flow_last_seen":1449652786152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786152,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1449652786152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786152,"pkt":"RQAAPCFLQABABqbpwKi0AhcV5seZXwG7KAKjIAAAAACgAjkIs5MAAAIEBbQEAggKADWCawAAAAABAwMG"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786167,"flow_last_seen":1449652786167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786167,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1449652786167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786167,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"} -00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1449652786190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786190,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="} -01476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1449652786215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":824,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":824,"pkt_l4_len":804,"thread_ts_msec":1449652786215,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\/tL3mKAGADlWgkAAAEBCAoANYJxRwX8KlBPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIzNA0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjAuNDsgZnItZnI7IEdULVA3NTEwIEJ1aWxkL0lNTTc2RCkgQXBwbGVXZWJLaXQvNTM0LjMwIChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgU2FmYXJpLzUzNC4zMA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCI\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786135,"flow_last_seen":1449652786215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1449652786215,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30"}} -00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1449652786268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786268,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="} -00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1449652786271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":211,"pkt_l4_len":191,"thread_ts_msec":1449652786271,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786167,"flow_last_seen":1449652786271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1449652786271,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786395,"flow_last_seen":1449652786395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786395,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1449652786395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786395,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"} -00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1449652786500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786500,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="} -00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1449652786501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_msec":1449652786501,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786395,"flow_last_seen":1449652786501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652786501,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1449652786934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_msec":1449652786934,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787003,"flow_last_seen":1449652787003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787003,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1449652787003,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787003,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"} -00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1449652787075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787075,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="} -00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1449652787100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652787100,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787003,"flow_last_seen":1449652787100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652787100,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1449652787155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787155,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"} -00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1449652787273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787273,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} -00980{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1449652786152,"flow_last_seen":1449652787289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1449652787289,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"tls": {"version":"TLSv1","client_requested_server_name":"settings.crashlytics.com","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1449652787507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":77,"pkt_l4_len":57,"thread_ts_msec":1449652787507,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"xmpp.device06.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787596,"flow_last_seen":1449652787596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787596,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1449652787596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787596,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787983,"flow_last_seen":1449652787983,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787983,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1449652787983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787983,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1449652788016,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":61,"pkt_l4_len":41,"thread_ts_msec":1449652788016,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocs.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1449652788067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788067,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="} -01332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1449652788082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":715,"pkt_l4_len":695,"thread_ts_msec":1449652788082,"pkt":"RQACy8DdQABABn91wKi0ArL40DbC2QBQ64tD+t7mVuSAGADltWEAAAEBCAoANYMsRwX981BPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIxNw0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGxneXJlcXVlc3QgbW9kdWxlPSJDTS9WT0QiPgoJPGFjdGlvbiBuYW1lPSJnZXRDYXRhbG9nRW50cmllcyI+CgkJPHBhcmFtIG5hbWU9IndpdGhDdXN0b21EYXRhIiB2YWx1ZT0iZmFsc2UiLz4KCQk8cGFyYW0gbmFtZT0iZXh0ZXJuYWxJZCIgdmFsdWU9ImZhbHNlIi8+Cgk8L2FjdGlvbj4KPC9sZ3lyZXF1ZXN0Pg=="} -00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787983,"flow_last_seen":1449652788082,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1449652788082,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788109,"flow_last_seen":1449652788109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652788109,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1449652788109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788109,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"} -00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1449652788188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788188,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="} -00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1449652788195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_msec":1449652788195,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652788109,"flow_last_seen":1449652788195,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1449652788195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1","client_requested_server_name":"ocs.labgency.ws","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1449652788595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788595,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1449652790602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652790602,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"} -00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652787983,"flow_last_seen":1449652790713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1449652790713,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652792355,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652797357,"flow_last_seen":1449652797357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652797357,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1449652797357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652797357,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1449652797427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652797427,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="} -00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1449652797442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_msec":1449652797442,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652797357,"flow_last_seen":1449652797442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1449652797442,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1449652798230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":65,"pkt_l4_len":45,"thread_ts_msec":1449652798230,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798305,"flow_last_seen":1449652798305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652798305,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1449652798305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652798305,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1449652798386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652798386,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="} -00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1449652798392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652798392,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652798305,"flow_last_seen":1449652798392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652798392,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1449652842535,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":56,"pkt_l4_len":36,"thread_ts_msec":1449652842535,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="} -00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"www.ocs.fr","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842628,"flow_last_seen":1449652842628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652842628,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1449652842628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652842628,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1449652842700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652842700,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="} -00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1449652842701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":204,"pkt_l4_len":184,"thread_ts_msec":1449652842701,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652842628,"flow_last_seen":1449652842701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1449652842701,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} -00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652842628,"flow_last_seen":1449652843470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1449652843470,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1449652842628,"flow_last_seen":1449652846380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1449652786395,"flow_last_seen":1449652787578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Azure","breed":"Acceptable","category":"Cloud"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652786152,"flow_last_seen":1449652788767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1683,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786167,"flow_last_seen":1449652786398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652788109,"flow_last_seen":1449652791955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5041,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652797357,"flow_last_seen":1449652797774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":751,"flow_first_seen":1449652787983,"flow_last_seen":1449652839371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} -00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786135,"flow_last_seen":1449652787495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1449652787003,"flow_last_seen":1449652787811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":373,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652798305,"flow_last_seen":1449652798887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652784341,"flow_last_seen":1449652784341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652784341,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1449652784341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652784341,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1449652786071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":63,"pkt_l4_len":43,"thread_ts_msec":1449652786071,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocu03.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1449652786098,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":70,"pkt_l4_len":50,"thread_ts_msec":1449652786098,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"dns": {"query":"settings.crashlytics.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1449652786130,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":67,"pkt_l4_len":47,"thread_ts_msec":1449652786130,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"api.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786135,"flow_last_seen":1449652786135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786135,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1449652786135,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786135,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786152,"flow_last_seen":1449652786152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786152,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1449652786152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786152,"pkt":"RQAAPCFLQABABqbpwKi0AhcV5seZXwG7KAKjIAAAAACgAjkIs5MAAAIEBbQEAggKADWCawAAAAABAwMG"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786167,"flow_last_seen":1449652786167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786167,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1449652786167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786167,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"} +00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1449652786190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786190,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="} +01476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1449652786215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":824,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":824,"pkt_l4_len":804,"thread_ts_msec":1449652786215,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\/tL3mKAGADlWgkAAAEBCAoANYJxRwX8KlBPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIzNA0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjAuNDsgZnItZnI7IEdULVA3NTEwIEJ1aWxkL0lNTTc2RCkgQXBwbGVXZWJLaXQvNTM0LjMwIChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgU2FmYXJpLzUzNC4zMA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCI\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786135,"flow_last_seen":1449652786215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1449652786215,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30"}} +00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1449652786268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786268,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="} +00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1449652786271,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":211,"pkt_l4_len":191,"thread_ts_msec":1449652786271,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786167,"flow_last_seen":1449652786271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1449652786271,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786395,"flow_last_seen":1449652786395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786395,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1449652786395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786395,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1449652786500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786500,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1449652786501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_msec":1449652786501,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786395,"flow_last_seen":1449652786501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652786501,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1449652786934,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_msec":1449652786934,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787003,"flow_last_seen":1449652787003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787003,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1449652787003,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787003,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1449652787075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787075,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1449652787100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652787100,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787003,"flow_last_seen":1449652787100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652787100,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1449652787155,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787155,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1449652787273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787273,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} +00980{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1449652786152,"flow_last_seen":1449652787289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1449652787289,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"tls": {"version":"TLSv1","client_requested_server_name":"settings.crashlytics.com","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1449652787507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":77,"pkt_l4_len":57,"thread_ts_msec":1449652787507,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"xmpp.device06.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787596,"flow_last_seen":1449652787596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787596,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1449652787596,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787596,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787983,"flow_last_seen":1449652787983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787983,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1449652787983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787983,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1449652788016,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":61,"pkt_l4_len":41,"thread_ts_msec":1449652788016,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocs.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1449652788067,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788067,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="} +01332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1449652788082,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":715,"pkt_l4_len":695,"thread_ts_msec":1449652788082,"pkt":"RQACy8DdQABABn91wKi0ArL40DbC2QBQ64tD+t7mVuSAGADltWEAAAEBCAoANYMsRwX981BPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIxNw0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGxneXJlcXVlc3QgbW9kdWxlPSJDTS9WT0QiPgoJPGFjdGlvbiBuYW1lPSJnZXRDYXRhbG9nRW50cmllcyI+CgkJPHBhcmFtIG5hbWU9IndpdGhDdXN0b21EYXRhIiB2YWx1ZT0iZmFsc2UiLz4KCQk8cGFyYW0gbmFtZT0iZXh0ZXJuYWxJZCIgdmFsdWU9ImZhbHNlIi8+Cgk8L2FjdGlvbj4KPC9sZ3lyZXF1ZXN0Pg=="} +00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787983,"flow_last_seen":1449652788082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1449652788082,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788109,"flow_last_seen":1449652788109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652788109,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1449652788109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788109,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1449652788188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788188,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1449652788195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_msec":1449652788195,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652788109,"flow_last_seen":1449652788195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1449652788195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1","client_requested_server_name":"ocs.labgency.ws","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1449652788595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788595,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1449652790602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652790602,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"} +00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652787983,"flow_last_seen":1449652790713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1449652790713,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1449652792355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652792355,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652797357,"flow_last_seen":1449652797357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652797357,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1449652797357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652797357,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1449652797427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652797427,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="} +00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1449652797442,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_msec":1449652797442,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652797357,"flow_last_seen":1449652797442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1449652797442,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1449652798230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":65,"pkt_l4_len":45,"thread_ts_msec":1449652798230,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798305,"flow_last_seen":1449652798305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652798305,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1449652798305,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652798305,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1449652798386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652798386,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1449652798392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652798392,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652798305,"flow_last_seen":1449652798392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652798392,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1449652842535,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":56,"pkt_l4_len":36,"thread_ts_msec":1449652842535,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="} +00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"www.ocs.fr","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842628,"flow_last_seen":1449652842628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652842628,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1449652842628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652842628,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1449652842700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652842700,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="} +00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1449652842701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":204,"pkt_l4_len":184,"thread_ts_msec":1449652842701,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652842628,"flow_last_seen":1449652842701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1449652842701,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} +00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652842628,"flow_last_seen":1449652843470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1449652843470,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1449652842628,"flow_last_seen":1449652846380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1449652786395,"flow_last_seen":1449652787578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Azure","breed":"Acceptable","category":"Cloud"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652786152,"flow_last_seen":1449652788767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1683,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786167,"flow_last_seen":1449652786398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652788109,"flow_last_seen":1449652791955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5041,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652797357,"flow_last_seen":1449652797774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":751,"flow_first_seen":1449652787983,"flow_last_seen":1449652839371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786135,"flow_last_seen":1449652787495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1449652787003,"flow_last_seen":1449652787811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":373,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652798305,"flow_last_seen":1449652798887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-data-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":108,"global_ts_msec":1449652846380} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 946/946 |