author | Toni Uhlig <matzeton@googlemail.com> | 2023-01-08 02:16:00 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2023-01-09 11:24:40 +0100 |
commit | 464450486b7021ff5a070c7dfebf45fb542331fd (patch) | |
tree | 4475d141bdcf865257f015db8d424ac52528b6e3 /test/results/pps.pcap.out | |
parent | 655393e953086ec24ee18e07b022c6863c5dda5d (diff) |
bump libnDPI to a944514ddec73f79704f55aab1423e39f4ce7a03
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/pps.pcap.out')
-rw-r--r-- | test/results/pps.pcap.out | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out
index 8559863a2..a1a246f78 100644
--- a/test/results/pps.pcap.out
+++ b/test/results/pps.pcap.out
@@ -58,6 +58,7 @@ 00852{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":725,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136804834,"flow_dst_last_pkt_time":1467353136804280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":8520,"midstream":0,"thread_ts_usec":1467353136804834,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833095,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833095,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136833095,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1467353136833095,"pkt":"TF4M6gNlABxCjnAxCABFAACIADsAAIARBNXAqHMI2j0nZ1kJRXwAdM6LbABEsXEiUCg6x2bnNgAAAQADAAAAwKhzCAlZCtIsqwEGdAZ0b\/pmQpw8UwQ938xDXiteKyTtmkXcENwQJOknUZ5InkhvdWVRsieyJz3jqlgDTwNPynAfWaJVkHF5+IVd1THVMQGvgGhBFEEU"} +00907{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833095,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833095,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833300,"flow_src_last_pkt_time":1467353136833300,"flow_dst_last_pkt_time":1467353136833300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136833300,"flow_dst_last_pkt_time":1467353136833300,"flow_idle_time":200000000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467353136833300,"pkt":"TF4M6gNlABxCjnAxCABFAAA0ADwAAIARiZ7AqHMI0iyrAVkJdAYAIJjSFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"} 
00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833392,"flow_src_last_pkt_time":1467353136833392,"flow_dst_last_pkt_time":1467353136833392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833392,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -115,6 +116,7 @@ 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1467353136836552,"flow_dst_last_pkt_time":1467353136835425,"flow_idle_time":200000000,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1467353136836552,"pkt":"TF4M6gNlABxCjnAxCABFAACwAE4AAIARA3zAqHMIcimQmVkJKPwAnKXdWYAdDAwuflZsq80qHB0d4ujhuC\/oo6FIkiga8TBMVS4Tp83Nzc3NwMDDw8PDwsLC+Pj4+NjY2JiMjJDSXCwdWxzAmgFq3X\/9zU6MtBnZcQIKHhw9Oj4+NDQ0NDQ0ERAK8vLy8vDw8PDw8PPzJfVMtrYO1WWhbcXFCaFsiYlF7c3lANbQu6q159DFAFA7BwEAAAAAAA=="} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136836991,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136836991,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136836991,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1467353136836991,"pkt":"TF4M6gNlABxCjnAxCABFAABQAE8AAIARqA3AqHMItz2nUlkJRXwAPIb+NABEsXHrELXWDJoXvQAAAQACAAAAwKhzCAlZA9IvDBPKg8qD0i8MFMqDyoNyL1uBMFgwWA=="} +00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136836991,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136836991,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837135,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837135,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136837135,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467353136837135,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFAAAIARKHbAqHMI0i8ME1kJg8oAIH8VFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"} 
00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837248,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837248,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -130,10 +132,13 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136837566,"flow_dst_last_pkt_time":1467353136837566,"flow_idle_time":200000000,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1467353136837566,"pkt":"TF4M6gNlABxCjnAxCABFAABJAFMAAIARkAbAqHMI3IKaF1kJjGUANbV3LYBpf3+UhDHn63Fm29raJCQtdHV9SUi43d3d0dGxsfr+\/v5V\/5XV18\/Pz6cA"} 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136837852,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136837852,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136837852,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFQAAIARBODAqHMI2j0nV1kJRXwAYC8EWABVcnEAAAAAx2bnNgcAAAAAAAAAFJfHSwLp2roy68F8GXs9tGoAAAAAGAAAAAYAAAANKAICAAAAAwAYAMCocwgJWRcAAAsKAAAAAAAlAfAI8dQdAAAAAA=="} 
+00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136837852,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838051,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838051,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136838051,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838051,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="} +00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838051,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838051,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838171,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838171,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136838171,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838171,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFYAAIARp8zAqHMItz2naFkJRXwAYEeGWABVcnEAAAAAyMXU\/wcAAAAAAAAAFADpSP+bPHc9KoW3YGEXtKMAAAAAAAAAAAYIAAANKAIBAAAACAAYAMCocwgJWRcAACUKAAAAAAAlActw35cdAAAAAA=="} 
+00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838171,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838171,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136838372,"flow_dst_last_pkt_time":1467353136837566,"flow_idle_time":200000000,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1467353136838372,"pkt":"TF4M6gNlABxCjnAxCABFAABJAFMAAIARkAbAqHMI3IKaF1kJjGUANbV3LYBpf3+UhDHn63Fm29raJCQtdHV9SUi43d3d0dGxsfr+\/v5V\/5XV18\/Pz6cA"} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838373,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFQAAIARBODAqHMI2j0nV1kJRXwAYC8EWABVcnEAAAAAx2bnNgcAAAAAAAAAFJfHSwLp2roy68F8GXs9tGoAAAAAGAAAAAYAAAANKAICAAAAAwAYAMCocwgJWRcAAAsKAAAAAAAlAfAI8dQdAAAAAA=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838373,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="} 
@@ -196,7 +201,7 @@ 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1467353142534251,"flow_dst_last_pkt_time":1467353142600485,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353142600485,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWdAADMGEM\/KbA7swKhzCABQxSeRl6b7geube1AYACTHuAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_usec":1467353144633895,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="} -00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
+01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144819974,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01009{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":3285032704,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_usec":1467353144819974,"pkt":"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"} 01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144819974,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cmc.tanx.com","http": {"url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}} 
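Review bot: The regenerated expectation for flow 49 (packet_id 1024) now carries `"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High", ...}}` even though the same event still has `"hostname":""` and `"http": {}`, so no user agent was parsed for this flow. The flow is midstream with src_port 80, and its only processed packet (the context line just above) decodes to an HTTP response, which suggests the new libnDPI raises this risk for an absent User-Agent rather than a suspicious one; this is inferred from the output, not from the library code. Accepting it as the golden result makes a probable false positive the expected behaviour, with 275 of the 310 risk points charged to the client side. I would confirm the behaviour against upstream libnDPI before merging and record it in the commit message, e.g. `pps.pcap: flow 49 gains flow_risk 11 on a midstream HTTP response with no parsed User-Agent`.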
@@ -355,18 +360,18 @@ 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00893{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":11,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136952179,"flow_dst_last_pkt_time":1467353136908132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":1258,"flow_dst_tot_l4_payload_len":11715,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834125,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834293,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834211,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835425,"flow_src_last_pkt_time":1467353136837502,"flow_dst_last_pkt_time":1467353136835425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833527,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} +00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -401,10 +406,10 @@ 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1467353190062486,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1467353190062486,"pkt":"AQBef\/\/6cBiLE+IdCABFAAILI6kAAAER3nDAqAUm7\/\/\/+gdsB2wB92DxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190110976,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190168494,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190168494,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPRAADMGJVPKbA7bwKhzCABQxHdtLPipvNGQx1AYAMQhYwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190168494,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190168494,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190178778,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353190178778,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAlEAAAERAT3AqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190235492,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190235492,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190634365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190634365,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
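Review bot: The new expected records for flow_id 86 and 87 (packet_id 1402 and 1404) now carry `"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High",...}}`, yet both flows are `"midstream":1`, come from `src_port` 80 and report an empty `"http": {}`. The captured first packet of flow 86 decodes to an `HTTP/1.1 200 OK` response, so no User-Agent was observed on that flow at all. Accepting this as golden output makes the regression suite enforce what looks like a High-severity false positive on server-first midstream flows, presumably introduced by the libnDPI bump; the same record shape is added for flow_id 49 earlier in this file's diff. I would confirm the behaviour with upstream before accepting the regenerated results and record it in the commit message, e.g. `note: risk 11 is now raised on midstream HTTP responses without a User-Agent (pps.pcap flows 49, 86, 87)`. Consumers alerting on risk 11 would then know to check `midstream` and the `http` object first.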
@@ -510,9 +515,9 @@ 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2549,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353201861524,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDlEAAAER9S\/AqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_usec":1467353202192448,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="} -01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}} 
+01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}} 
02196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192450,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1Tktr
mBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"} -01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}} 
+01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}} 
02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1467353202192451,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192451,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZ
Z64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2554,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1467353202370500,"pkt":"ABxCjnAxTF4M6gNlCABFKABnuC1AADIG5X1N6ikjwKhzCABQwBY\/zzDvxn1A6VAYAAK2BwAAGHlgf4CvXzDNyxhLrqYUmmf6SBgwHBuCF2rQFuhe9Y1hgbwLb15JZ+tTfmuYp\/S8QVNXU2lnMkINCjANCg0K"} 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":3285032704,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1467353202428117,"pkt":"TF4M6gNlABxCjnAxCABFAAFWNPFAAIAGGfPAqHMITeopI8AWAFDGfUDpP88xLlAYAfC3\/AAAR0VUIC9SL0EzZ0tJRGxqWTJJM09Ea3lNMk5pTVRSbE1UQmlOelJtWkdRM09URTRPRGRoTkRabEVnUUNNQVlXR0tBRUlnSF9LZ2NJQkJEbXpObERLZ2NJQXhDcm5fdEJNZ29JQkJEbXpObERHSUFLT00yUmhGaENJQ3NCNTkzdkt4UTZjVnpBZ0NMX2I5WFdsc0ZRVng3NTRaZ0NIdjFYYVZwMVNJQ0NtQWc9IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NClByYWdtYTogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkhvc3Q6IHN1LmZmLmF2YXN0LmNvbQ0KDQo="} 
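Review bot: The regenerated `detected` and `detection-update` events for flow 107 now carry risk 11, `HTTP Suspicious User-Agent` (severity High, `risk_score.total` 310), although the only traffic processed at that point is the server side of a midstream flow. The payload of packet 2550 decodes to an `HTTP/1.1 200 OK` header block with no User-Agent header, and the event's `http` object is empty, so the risk appears to come from a User-Agent being absent rather than from a suspicious one. Before accepting this as expected output, it is worth confirming against the libnDPI change that the risk is intended for response-only flows, because consumers that alert on `flow_risk` or sum `risk_score` will now rate this flow far higher than the previous 150. The added `detected` line for flow 87 in the preceding hunk has the same shape (source port 80, `midstream` 1, empty `http`) and should be checked at the same time.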
@@ -596,8 +601,7 @@ 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353138931591,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353139050485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":653,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":653,"flow_dst_max_l4_payload_len":690,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":690,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00848{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00944{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353165563016,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165659884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":950,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":950,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":187,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144913514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":229,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":229,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834125,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
@@ -622,16 +626,12 @@ 00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1467353189820488,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":665,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00846{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00759{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00848{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
+00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353180830424,"flow_src_last_pkt_time":1467353195837489,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -654,18 +654,18 @@ 00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1467353189784236,"flow_src_last_pkt_time":1467353196145488,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":511,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-payload-len":2121102,"total-not-detected-flows":34,"total-guessed-flows":2,"total-detected-flows":71,"total-detection-updates":2,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":657,"global_ts_usec":1467353203157237} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-payload-len":2121102,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":2,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":657,"global_ts_usec":1467353203157237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 
2557/2557 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2121102 bytes -~~ total detected protocols..: 71 +~~ total detected protocols..: 76 ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6718075 bytes -~~ total memory freed........: 6718075 bytes -~~ total allocations/frees...: 127095/127095 +~~ total memory allocated....: 6723964 bytes +~~ total memory freed........: 6723964 bytes +~~ total allocations/frees...: 127111/127111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 488 chars ~~ json string max len.......: 2220 chars |