diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-02-27 02:53:39 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-02-27 02:53:39 +0100 |
| commit | 9db048c9d93a00adf4b258d2341b24229d2a45a1 (patch) | |
| tree | 58994c0e8e5b77a1909b232c5cb57109583cf8b4 /test/results/stun_signal.pcapng.out | |
| parent | cb80c415d8a20b03f0d6a8f2fc38e8c8250a04da (diff) | |
Serialize flow risk score / confidence.
* bump libnDPI to 8b062295cc76a60e3905c054ce37bd17669464d1
* removed ndpi_id_struct's
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/stun_signal.pcapng.out')
| -rw-r--r-- | test/results/stun_signal.pcapng.out | 102 |
1 files changed, 51 insertions, 51 deletions
diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out index 8401f4d6a..9b1e988eb 100644 --- a/test/results/stun_signal.pcapng.out +++ b/test/results/stun_signal.pcapng.out @@ -13,32 +13,32 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1636901936070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936070,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1636901936083,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901936083,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} -00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"},"entropy":5.050556} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1636901936120,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936120,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1636901936135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936135,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1636901936135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936135,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936070,"flow_last_seen":1636901936138,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936138,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936070,"flow_last_seen":1636901936138,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936138,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1636901936144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936144,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936144,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901936144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936144,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901936144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1636901936150,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1636901936150,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1636901936292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936292,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} -00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1636901936040,"flow_last_seen":1636901936292,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901936292,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1636901936040,"flow_last_seen":1636901936292,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901936292,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1636901936292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936292,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1636901936316,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936316,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1636901936320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936320,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936320,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901936320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936320,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901936320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1636901936411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901936411,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1636901936415,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901936415,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} -00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901936065,"flow_last_seen":1636901936889,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901936889,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901936065,"flow_last_seen":1636901936889,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901936889,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1636901956886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} -00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1636901956899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956899,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} -00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956900,"flow_last_seen":1636901956900,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956900,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1636901956900,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956900,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1636901956903,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901956903,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} @@ -46,10 +46,10 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1636901956921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956921,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1636901956929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956929,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1636901956930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956930,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1636901956946,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901956946,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1636901956960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901956960,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1636901956962,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901956962,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} @@ -65,16 +65,16 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1636901958294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636901958294,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1636901958378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1636901958378,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1636901958378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636901958378,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} -00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901958294,"flow_last_seen":1636901958378,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1636901958378,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956900,"flow_last_seen":1636901967653,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1636901967653,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956921,"flow_last_seen":1636901967684,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1636901967684,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00639{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901958294,"flow_last_seen":1636901958378,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1636901958378,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1636901956900,"flow_last_seen":1636901967279,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901967279,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956921,"flow_last_seen":1636901967684,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1636901967684,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1636901998588,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998588,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1636901998589,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998589,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} -00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998637,"flow_last_seen":1636901998637,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998637,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1636901998637,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998637,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998637,"flow_last_seen":1636901998637,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998637,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -88,56 +88,56 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1636901998654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901998654,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1636901998654,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901998654,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} -00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"},"entropy":5.050556} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1636901998654,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901998654,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1636901998657,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1636901998657,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1636901998660,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1636901998660,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1636901998660,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901998660,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1636901998663,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901998663,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1636901998865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1636901998865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1636901998885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998885,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998637,"flow_last_seen":1636901998885,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901998885,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998637,"flow_last_seen":1636901998885,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901998885,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1636901998885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998885,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1636901998967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901998967,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1636901998967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901998967,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} -00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901998637,"flow_last_seen":1636901999417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901999417,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901998637,"flow_last_seen":1636901999417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901999417,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1636902000024,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000024,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} -00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1636902000073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000073,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} -00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1636902000102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1636902000102,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1636902000107,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000107,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1636902000142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1636902000142,"pkt":"mt9Y+uvcCL6sCxduCABFAABcw7ZAAAYRTTcSw4OPwKgMqfA6upcASKsWAQEALCESpEI3OHB2NXh3VHhSY2IAIAAIAAEPjnw9RVEACAAUJEyhW79\/NO7EtgfmN47ncd2\/SCyAKAAE6dNIHg=="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1636902000142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000142,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901956930,"flow_last_seen":1636901987908,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956899,"flow_last_seen":1636901980718,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936065,"flow_last_seen":1636901939886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1636902000024,"flow_last_seen":1636902000208,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":488,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956900,"flow_last_seen":1636901978278,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901956930,"flow_last_seen":1636901987908,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956899,"flow_last_seen":1636901980718,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936065,"flow_last_seen":1636901939886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1636902000024,"flow_last_seen":1636902000208,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":488,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956900,"flow_last_seen":1636901978278,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1636901958294,"flow_last_seen":1636901970409,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":7870,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN","breed":"Acceptable","category":"Network"}} -00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936070,"flow_last_seen":1636901939887,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014416,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936663,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998588,"flow_last_seen":1636902019979,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956929,"flow_last_seen":1636901980724,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1636901956886,"flow_last_seen":1636901987907,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956921,"flow_last_seen":1636901978319,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998589,"flow_last_seen":1636902019976,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1636902000073,"flow_last_seen":1636902002742,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":6170,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1636901998654,"flow_last_seen":1636902021384,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"}} -00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"}} -00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1636901958294,"flow_last_seen":1636901970409,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":7870,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936070,"flow_last_seen":1636901939887,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014416,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936663,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998588,"flow_last_seen":1636902019979,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956929,"flow_last_seen":1636901980724,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1636901956886,"flow_last_seen":1636901987907,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956921,"flow_last_seen":1636901978319,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998589,"flow_last_seen":1636902019976,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1636902000073,"flow_last_seen":1636902002742,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":6170,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1636901998654,"flow_last_seen":1636902021384,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","total-events-serialized":141} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 @@ -147,10 +147,10 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4643817 bytes -~~ total memory freed........: 4643817 bytes -~~ total allocations/frees...: 100083/100083 +~~ total memory allocated....: 4721218 bytes +~~ total memory freed........: 4721218 bytes +~~ total allocations/frees...: 101673/101673 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 169 chars -~~ json string max len.......: 736 chars -~~ json string avg len.......: 522 chars +~~ json string max len.......: 845 chars +~~ json string avg len.......: 576 chars |