author | Toni Uhlig <matzeton@googlemail.com> | 2021-12-15 23:25:32 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-20 00:50:38 +0100 |
commit | 9e07a57566cc45bf92a845d8cee968d72e0f314e (patch) | |
tree | 8f1a6bfd08bd68a5253fadf3a01beecda77b1c95 /test/results/rtsp.pcap.out | |
parent | a35fc1d5ea8570609cc0c8cf6edadc81f8f5bb76 (diff) |
Major nDPId extension. Sorry for the huge commit.
- nDPId: fixed invalid IP4/IP6 tuple compare
- nDPIsrvd: fixed caching issue (finally)
- added tiny c example (can be used to check flow manager sanity)
- c-captured: use flow_last_seen timestamp from `struct nDPIsrvd_flow`
- README.md update: added example JSON sequence
- nDPId: added new flow event `update` necessary for correct
timeout handling (and other future use-cases)
- nDPIsrvd.h and nDPIsrvd.py: switched to an instance
(consists of an alias/source tuple) based flow manager
- every flow related event **must** now serialize `alias`, `source`,
`flow_id`, `flow_last_seen` and `flow_idle_time` to make the timeout
handling and verification process work correctly
- nDPIsrvd.h: ability to profile any dynamic memory (de-)allocation
- nDPIsrvd.py: removed PcapPacket class (unused)
- py-flow-dashboard and py-flow-multiprocess: fixed race condition
- py-flow-info: print statusbar with probably useful information
- nDPId/nDPIsrvd.h: switched from packet-flow only timestamps (`pkt_*sec`)
to a generic flow event timestamp `ts_msec`
- nDPId-test: added additional checks
- nDPId: increased ICMP flow timeout
- nDPId: using event based i/o if capturing packets from a device
- nDPIsrvd: fixed memory leak on shutdown if remote descriptors
were still connected
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/rtsp.pcap.out')
-rw-r--r-- | test/results/rtsp.pcap.out | 194 |
1 files changed, 60 insertions, 134 deletions
diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out
index 2a1a2cad5..3a42d9501 100644
--- a/test/results/rtsp.pcap.out
+++ b/test/results/rtsp.pcap.out
@@ -1,139 +1,65 @@ -00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255} -00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00611{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506127,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 
-00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00611{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506139,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} -00611{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506145,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 
-00611{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506259,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} -00415{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506384,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAACiNPUAAQAaWhAoCAgIKAQEKIWrM9mEHb8I74nAXUBAB9SutAAAAAAAAAAA="} -00407{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506387,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAACiNPUAAPwaXhAoCAgIKAQEKIWrM9mEHb8I74nAXUBAB9SutAAA="} -00415{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506400,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAACiNPkAAQAaWgwoCAgIKAQEKIWrM9mEHb8I74nAXUBQB9SupAAAAAAAAAAA="} 
-00407{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506401,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAACiNPkAAPwaXgwoCAgIKAQEKIWrM9mEHb8I74nAXUBQB9SupAAA="} -00415{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506406,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAACiNPUAAPwaXhAoCAgIKAQEKIWrM9mEHb8I74nAXUBAB9SutAAAAAAAAAAA="} -00417{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506437,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAACiNPUAAQAaWhAoCAgIKAQEKIWrM9mEHb8I74nAXUBAB9SutAAAAAAAAAAA="} -00417{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506437,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAACiNPkAAQAaWgwoCAgIKAQEKIWrM9mEHb8I74nAXUBQB9SupAAAAAAAAAAA="} 
-00417{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567277,"pkt_ts_usec":506605,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAACiNPkAAPwaXgwoCAgIKAQEKIWrM9mEHb8I74nAXUBQB9SupAAAAAAAAAAA="} -00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1627567279015,"flow_last_seen":1627567279015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00423{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":15763,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":15798,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} 
-00423{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":15800,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00423{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":15947,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00423{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":15948,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM+OIYv1ah37M7gBL68HgUAAACBAW0AQEEAgEDAwc="} -00423{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16022,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM+OIYv1ah37M7gBL68HgUAAACBAW0AQEEAgEDAwc="} 
-00423{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16025,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM+OIYv1ah37M7gBL68HgUAAACBAW0AQEEAgEDAwc="} -00423{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16046,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM+OIYv1ah37M7gBL68HgUAAACBAW0AQEEAgEDAwc="} -00416{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16180,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAChW5kAAgAaM2woBAQoKAgICzPghaqHfszviGL9XUBAEAq\/VAAAAAAAAAAA="} -00417{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16212,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAChW5kAAgAaM2woBAQoKAgICzPghaqHfszviGL9XUBAEAq\/VAAAAAAAAAAA="} 
-00409{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16214,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAChW5kAAfwaN2woBAQoKAgICzPghaqHfszviGL9XUBAEAq\/VAAA="} -00417{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":16271,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAAChW5kAAfwaN2woBAQoKAgICzPghaqHfszviGL9XUBAEAq\/VAAAAAAAAAAA="} -00567{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":29411,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAJxW50AAgAaMZgoBAQoKAgICzPghaqHfszviGL9XUBgEAgkDAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00567{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":29421,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAJxW50AAgAaMZgoBAQoKAgICzPghaqHfszviGL9XUBgEAgkDAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00567{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567279,"pkt_ts_usec":29426,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAJxW50AAfwaNZgoBAQoKAgICzPghaqHfszviGL9XUBgEAgkDAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} 
-00426{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":841836,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} -00426{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":841847,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} -00426{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":841853,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} -00426{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":841925,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 
-00426{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842116,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM+t1rlYqfyYvogBL68M\/0AAACBAW0AQEEAgEDAwc="} -00426{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842119,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM+t1rlYqfyYvogBL68M\/0AAACBAW0AQEEAgEDAwc="} -00426{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842138,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM+t1rlYqfyYvogBL68M\/0AAACBAW0AQEEAgEDAwc="} -00426{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842169,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM+t1rlYqfyYvogBL68M\/0AAACBAW0AQEEAgEDAwc="} 
-00418{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842513,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAChXFUAAgAaMrAoBAQoKAgICzPohap\/Ji+jda5WLUBAgFOujAAAAAAAAAAA="} -00419{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842523,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAChXFUAAgAaMrAoBAQoKAgICzPohap\/Ji+jda5WLUBAgFOujAAAAAAAAAAA="} -00411{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842527,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAChXFUAAfwaNrAoBAQoKAgICzPohap\/Ji+jda5WLUBAgFOujAAA="} -00419{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":842622,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAAChXFUAAfwaNrAoBAQoKAgICzPohap\/Ji+jda5WLUBAgFOujAAAAAAAAAAA="} 
-00570{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":851945,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAJxXFkAAgAaMNwoBAQoKAgICzPohap\/Ji+jda5WLUBggFETRAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00570{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":851957,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAJxXFkAAgAaMNwoBAQoKAgICzPohap\/Ji+jda5WLUBggFETRAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} 
-00570{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567338,"pkt_ts_usec":851963,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAJxXFkAAfwaNNwoBAQoKAgICzPohap\/Ji+jda5WLUBggFETRAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00425{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644402,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00425{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644413,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} 
-00425{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644419,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00425{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644717,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00427{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644718,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM\/Dr\/J9ia8QF7gBL68G9XAAACBAW0AQEEAgEDAwc="} -00427{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644793,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM\/Dr\/J9ia8QF7gBL68G9XAAACBAW0AQEEAgEDAwc="} 
-00427{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644797,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM\/Dr\/J9ia8QF7gBL68G9XAAACBAW0AQEEAgEDAwc="} -00427{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":644910,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM\/Dr\/J9ia8QF7gBL68G9XAAACBAW0AQEEAgEDAwc="} -00418{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":645565,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAChXREAAgAaMfQoBAQoKAgICzPwhaprxAXs6\/yfZUBAEAqcYAAAAAAAAAAA="} -00419{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":645676,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAChXREAAgAaMfQoBAQoKAgICzPwhaprxAXs6\/yfZUBAEAqcYAAAAAAAAAAA="} 
-00411{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":645679,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAChXREAAfwaNfQoBAQoKAgICzPwhaprxAXs6\/yfZUBAEAqcYAAA="} -00419{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":645879,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAAChXREAAfwaNfQoBAQoKAgICzPwhaprxAXs6\/yfZUBAEAqcYAAAAAAAAAAA="} -00570{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":650712,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAJxXRUAAgAaMCAoBAQoKAgICzPwhaprxAXs6\/yfZUBgEAgBGAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00570{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":650725,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAJxXRUAAgAaMCAoBAQoKAgICzPwhaprxAXs6\/yfZUBgEAgBGAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00570{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567398,"pkt_ts_usec":650732,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAJxXRUAAfwaNCAoBAQoKAgICzPwhaprxAXs6\/yfZUBgEAgBGAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1627567406342,"flow_last_seen":1627567406342,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} 
-00425{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":342871,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00425{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":342884,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00425{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":342896,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00425{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":343006,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 
-00418{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":344190,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAACgAAEAAQAYjwgoCAgIKAQEKIWrM\/gAAAAAaMX9zUBQAABC1AAAAAAAAAAA="} -00410{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":344192,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAACgAAEAAPwYkwgoCAgIKAQEKIWrM\/gAAAAAaMX9zUBQAABC1AAA="} -00418{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":344208,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAACgAAEAAQAYjwgoCAgIKAQEKIWrM\/gAAAAAaMX9zUBQAABC1AAAAAAAAAAA="} -00418{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":344546,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAACgAAEAAPwYkwgoCAgIKAQEKIWrM\/gAAAAAaMX9zUBQAABC1AAAAAAAAAAA="} 
-00425{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":848220,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXXEAAgAaMWQoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00426{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":848234,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXXEAAgAaMWQoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00426{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":848246,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXXEAAfwaNWQoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00426{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":848365,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRXXEAAfwaNWQoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 
-00427{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":849047,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM\/vHHRicaMX9zgBL68J0FAAACBAW0AQEEAgEDAwc="} -00427{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":849052,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrM\/vHHRicaMX9zgBL68J0FAAACBAW0AQEEAgEDAwc="} -00427{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567406,"pkt_ts_usec":849097,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrM\/vHHRicaMX9zgBL68J0FAAACBAW0AQEEAgEDAwc="} -00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00425{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":882987,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 
-00425{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883000,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00425{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883010,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00425{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883117,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00425{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883364,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrNAAtPydqqepX1gBL68Fj9AAACBAW0AQEEAgEDAwc="} 
-00425{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883369,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrNAAtPydqqepX1gBL68Fj9AAACBAW0AQEEAgEDAwc="} -00425{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883394,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrNAAtPydqqepX1gBL68Fj9AAACBAW0AQEEAgEDAwc="} -00425{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883471,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrNAAtPydqqepX1gBL68Fj9AAACBAW0AQEEAgEDAwc="} -00417{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883700,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAChXi0AAgAaMNgoBAQoKAgICzQAhaqp6lfULT8nbUBAgFHSsAAAAAAAAAAA="} 
-00418{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883710,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAChXi0AAgAaMNgoBAQoKAgICzQAhaqp6lfULT8nbUBAgFHSsAAAAAAAAAAA="} -00410{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883714,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAChXi0AAfwaNNgoBAQoKAgICzQAhaqp6lfULT8nbUBAgFHSsAAA="} -00418{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":883849,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAAChXi0AAfwaNNgoBAQoKAgICzQAhaqp6lfULT8nbUBAgFHSsAAAAAAAAAAA="} -00569{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":894186,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAJxXjEAAgAaLwQoBAQoKAgICzQAhaqp6lfULT8nbUBggFM3ZAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} 
-00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":894200,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAJxXjEAAgAaLwQoBAQoKAgICzQAhaqp6lfULT8nbUBggFM3ZAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00569{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567466,"pkt_ts_usec":894211,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAJxXjEAAfwaMwQoBAQoKAgICzQAhaqp6lfULT8nbUBggFM3ZAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} 
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00426{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106056,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 
-00426{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106069,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00426{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106081,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00426{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106207,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00425{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106496,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAAAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrNAjPIUrYTUtcCgBL68P3BAAACBAW0AQEEAgEDAwc="} 
-00425{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106501,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrNAjPIUrYTUtcCgBL68P3BAAACBAW0AQEEAgEDAwc="} -00425{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106541,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOy+wAAAIAEUAADQAAEAAQAYjtgoCAgIKAQEKIWrNAjPIUrYTUtcCgBL68P3BAAACBAW0AQEEAgEDAwc="} -00425{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106633,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAMAAQAGAAwpOL1aAAAIAEUAADQAAEAAPwYktgoCAgIKAQEKIWrNAjPIUrYTUtcCgBL68P3BAAACBAW0AQEEAgEDAwc="} -00417{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106788,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAChXuUAAgAaMCAoBAQoKAgICzQIhahNS1wIzyFK3UBAgFBlxAAAAAAAAAAA="} 
-00418{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106797,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAChXuUAAgAaMCAoBAQoKAgICzQIhahNS1wIzyFK3UBAgFBlxAAAAAAAAAAA="} -00410{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106801,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAChXuUAAfwaNCAoBAQoKAgICzQIhahNS1wIzyFK3UBAgFBlxAAA="} -00418{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":106895,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"pkt":"AAMAAQAGAAwpOL1kAAAIAEUAAChXuUAAfwaNCAoBAQoKAgICzQIhahNS1wIzyFK3UBAgFBlxAAAAAAAAAAA="} -00569{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":113539,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAJxXukAAgAaLkwoBAQoKAgICzQIhahNS1wIzyFK3UBggFHKeAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} 
-00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":113553,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAJxXukAAgAaLkwoBAQoKAgICzQIhahNS1wIzyFK3UBggFHKeAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} -00569{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"rtsp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1627567528,"pkt_ts_usec":113562,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":172,"pkt_l4_len":136,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAJxXukAAfwaMkwoBAQoKAgICzQIhahNS1wIzyFK3UBggFHKeAABPUFRJT05TIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogMg0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQoNCg=="} 
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test"} 
+00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} +00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 
+00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1627567279015,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567279015,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":97,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567337246,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567338841,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard 
port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":185,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1627567397145,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567398644,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1627567406342,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567406342,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":92,"flow_first_seen":1627567406342,"flow_last_seen":1627567407043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10708,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1627567465366,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":204,"pkt_l4_len":168,"ts_msec":1627567465366,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAALxXhEAAgAaLqQoBAQoKAgICzP4hahoxgovxx02FUBgEATbGAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiAzMmZhZWM5Yjc4Zjg0ZjkNCg0K"} 
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1627567465366,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":204,"pkt_l4_len":168,"ts_msec":1627567465366,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAALxXhEAAgAaLqQoBAQoKAgICzP4hahoxgovxx02FUBgEATbGAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiAzMmZhZWM5Yjc4Zjg0ZjkNCg0K"} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":204,"pkt_l4_len":168,"ts_msec":1627567465366,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAALxXhEAAfwaMqQoBAQoKAgICzP4hahoxgovxx02FUBgEATbGAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiAzMmZhZWM5Yjc4Zjg0ZjkNCg0K"} 
+00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":12,"flow_first_seen":1627567465366,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard 
port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","total-events-serialized":50} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 79380 bytes -~~ total detected protocols..: 7 -~~ total active/idle flows...: 7/7 +~~ total layer4 data length..: 67396 bytes +~~ total detected protocols..: 8 +~~ total active/idle flows...: 8/8 +~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1968528 bytes -~~ total memory freed........: 1968528 bytes -~~ total allocations/frees...: 35932/35932 +~~ total memory allocated....: 1972396 bytes +~~ total memory freed........: 1972396 bytes +~~ 
total allocations/frees...: 35937/35937 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 130 chars -~~ json string max len.......: 616 chars -~~ json string avg len.......: 443 chars +~~ json string min len.......: 159 chars +~~ json string max len.......: 651 chars +~~ json string avg len.......: 475 chars |