diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-13 20:33:15 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-13 22:05:08 +0200 |
| commit | d4633c11927683865d8b7bec5e0e4162bae82a60 (patch) | |
| tree | 12e0d78562254e297b7ef9c0f9d4cc3c8fa53874 /test/results/rx.pcap.out | |
| parent | aca1615dc13bac949d507c493e9cef80fd2402ef (diff) | |
New flow event: 'analysis'.
* The goal was to provide a separate event for extracted feature that are not required
and only useful for a few (e.g. someone who wants do ML).
* Increased network buffer size to 32kB (8192 * 4).
* Switched timestamp precision from ms to us for *ALL* timestamps.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/rx.pcap.out')
| -rw-r--r-- | test/results/rx.pcap.out | 79 |
1 files changed, 40 insertions, 39 deletions
diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out index 67184b548..abd42589b 100644 --- a/test/results/rx.pcap.out +++ b/test/results/rx.pcap.out @@ -1,36 +1,37 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1460647264018} -00696{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":200000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460647264018,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_msec":1460647264018,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460647264026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1460647264026,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":200000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1460647264026,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460647264026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647264026,"pkt":"PIqwbTfwAAjK968mCABFAABd5\/IAAEARpF6DctuowKfOfKJXG1oASRKnVw+1YFw\/yYgAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} -00696{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647283326,"flow_last_seen":1460647283326,"flow_idle_time":200000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460647283326,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1460647283326,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_msec":1460647283326,"pkt":"PIqwbTfwAAjK968mCABFAAFA6DUAAEARoziDctuowKfOfJW7G1oBLLHjVw+1c1wtPyQAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1460647283340,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1460647283340,"pkt":"AAjK968mPIqwbTfwCABFAABATVwAADoRRRLAp858g3LbqBtalbsALJAKVw+1c1wtPyQAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":200000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1460647283340,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1460647283340,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647283340,"pkt":"PIqwbTfwAAjK968mCABFAABd6DcAAEARpBmDctuowKfOfJW7G1oASammVw+1c1wtPyQAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} -00692{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647299605,"flow_last_seen":1460647299605,"flow_idle_time":200000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460647299605,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1460647299605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1460647299605,"pkt":"PIqwbTfwAAjK968mCABFAABM9uIAAEARlX+DctuowKfOfBtZG1sAOL9z1w+zMFwiT6wAAAABAAAAAQAAAAEBBQAAAAAANAAAAg8AAAAJcm9vdC5jZWxsAAAA"} -01894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1460647299669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1460647299669,"pkt":"AAjK968mPIqwbTfwCABFAARQURUAADoRPUnAp858g3LbqBtbG1kEPOsl1w+zMFwiT6wAAAABAAAAAQAAAAEBBAAAAAAANAAAAHIAAABvAAAAbwAAAHQAAAAuAAAAYwAAAGUAAABsAAAAbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBuMngAAEMHAAAfwf\/\/\/6MAAAAlAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AIQN5gAA+50AABAS\/\/\/\/mP\/\/\/4QAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHcAbjJ4AABDBwAAH8H\/\/\/+jAAAAJQAAAAEAAAABAAAAAAAAAH\/\/\/\/+qAAAAdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwAAAA8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAEgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAyAAAAROcGeMAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647299605,"flow_last_seen":1460647299669,"flow_idle_time":200000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":1076,"midstream":0,"thread_ts_msec":1460647299669,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1460647299669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647299669,"pkt":"PIqwbTfwAAjK968mCABFAABd9usAAEARlWWDctuowKfOfBtZG1sASZXi1w+zMFwiT6wAAAABAAAAAAAAAAICIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} -00693{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647299704,"flow_last_seen":1460647299704,"flow_idle_time":200000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460647299704,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1460647299704,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460647299704,"pkt":"PIqwbTfwAAjK968mCABFAAA8LUMAAEARXrqDctuowKfO8RtZG1gAKKMX1w+zMFwiT7AAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1460647299782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1460647299782,"pkt":"AAjK968mPIqwbTfwCABFAABeF80AADoReg7Ap87xg3LbqBtYG1kASo9g1w+zMFwiT7AAAAABAAAAAAAAAAECIgAAAAAAAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"} -00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647299704,"flow_last_seen":1460647299782,"flow_idle_time":200000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_msec":1460647299782,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1460647299782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647299782,"pkt":"PIqwbTfwAAjK968mCABFAABdLVQAAEARXoiDctuowKfO8RtZG1gASaag1w+zMFwiT7AAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="} -00693{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647299986,"flow_last_seen":1460647299986,"flow_idle_time":200000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460647299986,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1460647299986,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460647299986,"pkt":"PIqwbTfwAAjK968mCABFAAA89w8AAEARlWKDctuowKfOfBtZG1gAKKOI1w+zMFwiT7QAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1460647300017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1460647300017,"pkt":"AAjK968mPIqwbTfwCABFAABeUWIAADoRQO7Ap858g3LbqBtYG1kASjJ01w+zMFwiT7QAAAABAAAAAAAAAAECIgAAXV0AAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"} -00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647299986,"flow_last_seen":1460647300017,"flow_idle_time":200000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_msec":1460647300017,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1460647300017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647300017,"pkt":"PIqwbTfwAAjK968mCABFAABd9xIAAEARlT6DctuowKfOfBtZG1gASacR1w+zMFwiT7QAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="} -00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":200000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_idle_time":200000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":31,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_idle_time":200000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4792,"flow_dst_tot_l4_payload_len":4266,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":9,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_idle_time":200000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":7708,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":200000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1460647320158} +00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_usec":0} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} +00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647264018403,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1460647264018403,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1460647264026287,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} +00861{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647264026287,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1460647264026325,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1460647264026325,"pkt":"PIqwbTfwAAjK968mCABFAABd5\/IAAEARpF6DctuowKfOfKJXG1oASRKnVw+1YFw\/yYgAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} +00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647283326954,"flow_src_last_pkt_time":1460647283326954,"flow_dst_last_pkt_time":1460647283326954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647283326954,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1460647283326954,"flow_dst_last_pkt_time":1460647283326954,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1460647283326954,"pkt":"PIqwbTfwAAjK968mCABFAAFA6DUAAEARoziDctuowKfOfJW7G1oBLLHjVw+1c1wtPyQAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1460647283326954,"flow_dst_last_pkt_time":1460647283340393,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1460647283340393,"pkt":"AAjK968mPIqwbTfwCABFAABATVwAADoRRRLAp858g3LbqBtalbsALJAKVw+1c1wtPyQAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} +00861{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647283326954,"flow_src_last_pkt_time":1460647283326954,"flow_dst_last_pkt_time":1460647283340393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647283340393,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1460647283340531,"flow_dst_last_pkt_time":1460647283340393,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1460647283340531,"pkt":"PIqwbTfwAAjK968mCABFAABd6DcAAEARpBmDctuowKfOfJW7G1oASammVw+1c1wtPyQAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} +00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647299605656,"flow_dst_last_pkt_time":1460647299605656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647299605656,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1460647299605656,"flow_dst_last_pkt_time":1460647299605656,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1460647299605656,"pkt":"PIqwbTfwAAjK968mCABFAABM9uIAAEARlX+DctuowKfOfBtZG1sAOL9z1w+zMFwiT6wAAAABAAAAAQAAAAEBBQAAAAAANAAAAg8AAAAJcm9vdC5jZWxsAAAA"} +01953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1460647299605656,"flow_dst_last_pkt_time":1460647299669561,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_usec":1460647299669561,"pkt":"AAjK968mPIqwbTfwCABFAARQURUAADoRPUnAp858g3LbqBtbG1kEPOsl1w+zMFwiT6wAAAABAAAAAQAAAAEBBAAAAAAANAAAAHIAAABvAAAAbwAAAHQAAAAuAAAAYwAAAGUAAABsAAAAbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBuMngAAEMHAAAfwf\/\/\/6MAAAAlAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AIQN5gAA+50AABAS\/\/\/\/mP\/\/\/4QAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHcAbjJ4AABDBwAAH8H\/\/\/+jAAAAJQAAAAEAAAABAAAAAAAAAH\/\/\/\/+qAAAAdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwAAAA8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAEgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAyAAAAROcGeMAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00861{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647299605656,"flow_dst_last_pkt_time":1460647299669561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":1076,"midstream":0,"thread_ts_usec":1460647299669561,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1460647299669639,"flow_dst_last_pkt_time":1460647299669561,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1460647299669639,"pkt":"PIqwbTfwAAjK968mCABFAABd9usAAEARlWWDctuowKfOfBtZG1sASZXi1w+zMFwiT6wAAAABAAAAAAAAAAICIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} +00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647299704750,"flow_dst_last_pkt_time":1460647299704750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647299704750,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1460647299704750,"flow_dst_last_pkt_time":1460647299704750,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460647299704750,"pkt":"PIqwbTfwAAjK968mCABFAAA8LUMAAEARXrqDctuowKfO8RtZG1gAKKMX1w+zMFwiT7AAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1460647299704750,"flow_dst_last_pkt_time":1460647299782295,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1460647299782295,"pkt":"AAjK968mPIqwbTfwCABFAABeF80AADoReg7Ap87xg3LbqBtYG1kASo9g1w+zMFwiT7AAAAABAAAAAAAAAAECIgAAAAAAAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"} +00858{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647299704750,"flow_dst_last_pkt_time":1460647299782295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1460647299782295,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1460647299782351,"flow_dst_last_pkt_time":1460647299782295,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1460647299782351,"pkt":"PIqwbTfwAAjK968mCABFAABdLVQAAEARXoiDctuowKfO8RtZG1gASaag1w+zMFwiT7AAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="} +00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647299986990,"flow_src_last_pkt_time":1460647299986990,"flow_dst_last_pkt_time":1460647299986990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647299986990,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1460647299986990,"flow_dst_last_pkt_time":1460647299986990,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460647299986990,"pkt":"PIqwbTfwAAjK968mCABFAAA89w8AAEARlWKDctuowKfOfBtZG1gAKKOI1w+zMFwiT7QAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1460647299986990,"flow_dst_last_pkt_time":1460647300017623,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1460647300017623,"pkt":"AAjK968mPIqwbTfwCABFAABeUWIAADoRQO7Ap858g3LbqBtYG1kASjJ01w+zMFwiT7QAAAABAAAAAAAAAAECIgAAXV0AAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"} +00858{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1460647299986990,"flow_src_last_pkt_time":1460647299986990,"flow_dst_last_pkt_time":1460647300017623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1460647300017623,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1460647300017672,"flow_dst_last_pkt_time":1460647300017623,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1460647300017672,"pkt":"PIqwbTfwAAjK968mCABFAABd9xIAAEARlT6DctuowKfOfBtZG1gASacR1w+zMFwiT7QAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="} +01332{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":61,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647300147650,"flow_dst_last_pkt_time":1460647300150407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2528,"flow_dst_tot_l4_payload_len":1781,"midstream":0,"thread_ts_usec":1460647300150407,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":52,"flow_avg":28863.9,"flow_max":105287,"flow_stddev":33076.1,"c_to_s_min":52,"c_to_s_avg":28117.0,"c_to_s_max":103176,"c_to_s_stddev":32194.3,"s_to_c_min":277,"s_to_c_avg":29710.5,"s_to_c_max":105287,"s_to_c_stddev":34028.1},"pktlen": {"c_to_s_min":70,"c_to_s_avg":190.7,"c_to_s_max":510,"c_to_s_stddev":158.7,"s_to_c_min":74,"s_to_c_avg":160.7,"s_to_c_max":782,"s_to_c_stddev":172.3}},"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00901{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264026325,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00905{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1460647299986990,"flow_src_last_pkt_time":1460647320158051,"flow_dst_last_pkt_time":1460647300312692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00906{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":31,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647320158014,"flow_dst_last_pkt_time":1460647300329629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4792,"flow_dst_tot_l4_payload_len":4266,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00905{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":9,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647300326863,"flow_dst_last_pkt_time":1460647300326798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":7708,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00901{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647283326954,"flow_src_last_pkt_time":1460647283340531,"flow_dst_last_pkt_time":1460647283340393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1460647320158051} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 132/132 ~~ skipped flows.............: 0 @@ -39,10 +40,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6039264 bytes -~~ total memory freed........: 6039264 bytes -~~ total allocations/frees...: 121576/121576 +~~ total memory allocated....: 6043544 bytes +~~ total memory freed........: 6043544 bytes +~~ total allocations/frees...: 121606/121606 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 458 chars -~~ json string max len.......: 1899 chars -~~ json string avg len.......: 1177 chars +~~ json string min len.......: 473 chars +~~ json string max len.......: 1958 chars +~~ json string avg len.......: 1214 chars |