diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-05-12 13:48:49 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2021-05-12 13:48:49 +0200 |
| commit | 241a7fdc4fc5f205e3553195ca0c27be44848261 (patch) | |
| tree | 3041f689be41cfa888be1159e6d57ea277edc1ef /test/results/teams.pcap.out | |
| parent | fa079d2346ec105d73fcb3ccf500c48aa9f219c0 (diff) | |
Added missing datalink types.
* basicially C&P from nDPI reader_utils but with some more sanity checks
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/teams.pcap.out')
| -rw-r--r-- | test/results/teams.pcap.out | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out index dd51fb57f..d04d871ad 100644 --- a/test/results/teams.pcap.out +++ b/test/results/teams.pcap.out @@ -3,20 +3,20 @@ 00777{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041672,"pkt_ts_usec":419153,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041672,"pkt_ts_usec":611330,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00152{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","type":38} +00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","type":38} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1587041673094,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041673,"pkt_ts_usec":94451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"} 00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041673,"pkt_ts_usec":412435,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041673,"pkt_ts_usec":611235,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00152{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","type":38} +00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041674,"pkt_ts_usec":611244,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00152{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","type":38} +00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","type":38} 00420{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041675,"pkt_ts_usec":216685,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"} 00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041675,"pkt_ts_usec":409077,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041675,"pkt_ts_usec":611218,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00152{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","type":38} +00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","type":38} 00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1587041675997,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00457{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041675,"pkt_ts_usec":997451,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"} 00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1587041675997,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -56,7 +56,7 @@ 00492{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":592494,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnMAJAAGwGm000ck0hwKgBBgG77HRJojEUnM0kM4AYBAUC6gAAAQEICmEGTWMwhJgiFAMDAAEBFgMDACgAAAAAAAAAAP2LLG2PnDQehKYYtBjGkN6MY9XhuxGTfkh6HM3dIStA"} 00423{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":592590,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSQzSaIxR4AQD\/6CJgAAAQEICjCEmE9hBk1j"} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":611249,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00153{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","type":38} +00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","type":38} 00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1587041676612,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00439{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":612882,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"} 00433{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":642642,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} @@ -115,10 +115,10 @@ 00415{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":285008,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowVBAAHYGits0ccKEwKgBBgG77Hiki2ydf05NSlAQBAEnOgAAAAAAAAAA"} 00406{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":380886,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00385{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":408485,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00157{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00779{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":422728,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":611261,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","type":38} +00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","type":38} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1587041678029,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00439{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":29919,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"} 00435{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":74133,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} @@ -138,7 +138,7 @@ 02361{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":167012,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex5Abv0H+y6O2WI74AQEAAoYgAAAQEICjCEnkphEwA3FwMDG2cAAAAAAAAAAZWrlc0xquAlEvLg1qd3Ae5HeSo+iORe3JZNH14zWSiFWZJRmwAZvfrqVn7gmX\/rBt9nqaoLblCpp70qMBnSlYFTpLvirc1co0KqGiQE+L+jglGG2U181le9GMVy6lTlGpt3HjbhTIt1xyS2V+dwLbOqWsppgDq8iEvfGeRGjo8ubs2SAmphgiJEVy+ftkrvWmIxlnJEe0KJeNfyl420ieFoLwDIKqKxsKNo6wrrtmz5U81Mxy5z9+CVZRVUR1GSMDdtSjCDuXfd0er7qCMW0JkPh3vr6ANjn67SFYnQjWRYyUrtbC\/QAereKfnogKEVrQYU+Zi0n3EfB3UcYgsYQi0Jzr3lsWTtOwT\/xmia\/4cCIicAQ\/GMhxPKNinUw3VBSdzebgMVrM5lV6emBMyD9p97FPZFSo9oMfOuOqPOV9JM5biYw56\/12WdgNU4QNKnnC0X7VNC\/qsy8xWEkirzVaJdTjKQVtA9Fdigzp8pVZdmcKxxLYRg\/Qy20HdyxD1dWotjW\/iCqC8s1AXTBo7GlVjfO\/46wnL+Z4hJ9ooUjSQJ3qd0vK2MQRbUbbfNbpj4x2tSKJCGnRMDszzIMrX+hmB7uef3MI+S59QOmIsKrXeoNXsLxmuRw6W4F6xhxYbgZFioL71ouyMa\/A7+UR7J48hxdj08TZzumyLbjJ9ujRMIAhxdFkXyqkmWuq6rw4XZ4o\/0QF+S8Z5iYLfdWj8AKOnPMSYoPRfAU509DGJp1aGBtfkwf5gGb0I\/iYSVteGjlJI\/tk0wbS8mF\/IIb7FHDv71tM++F85Yapsne1iouzN443i3GO1l0aQUUV5YLGK6AiH0expNocaeSgcl3nS8WrX9MnMPzJtLpks0BpM2Y2mIbS\/a+CGlovrjadPZENRsN1miaMj5bLtdR+IMvXHqlQ7IHhdsaneLMkjaEms+l5c8L+yKl\/neXkCF6qYd7ugaYZ86T4LTsh6vXy1C1Gh3YoSFW7TxxTkhmdO0sPy6a6rOF4q536Obtt0ZjQL7Xya8ZO2+aniELVmXA2pi7zgWFG83HZPnAB4T4CgzzJ0VXZta09U\/tOKTPbXRti5aNbBP3kgjHoOKaLQa0fOHzHIWxuUJKV0JtnpeiVrlepeA0jYzOP286YEkCbpDlE\/bzceBRqNAShu6k+gRSkYmKG1WVKQqdIEawJwhNbLpBJa7HLC35zrjR1vC08PdBJPZHkGD9LsgHqUXqGDntDrZfuxV\/28wBkPK67i2NTOWEroUVGereH641SSKM9CWqsYmgq9pJsqdJ4wxEsuyiurR9ftmh9Dn5IQwpBeKzF0LR7w3SuHdkAKTQFB7rMjTx2HntUhG4EdcNvsQVLEUWh53KJPbvECnbJ5nHenBk9V9f0HVxFzpWLfveMyIf8bwtZw7gacmbaEHux4rkgMeXCJQjw\/DtoPIKQ7g2DZoVXj+LF2C9tapALqNK4Fo\/ZVZnoOTO5ChtIFuJA6d+3\/JzAdDHm+O3MsVmKgaicqcTOZeCd75hKNXR0\/oWrcWr5FIx2w89TRLqc8ES7Qdw3zwZGFPs27DKxhFEVnWuZV\/McUmB92gxyYl1JVZheceYxPjLdgTM4tDQrPgibg+kExAWj1UTbwyni7kq9MHpCQwNG+YfGuOlxjWQFkiomPenkBPCTFSHKvYLmwTfK\/6qrFdmMMSPpxYNgs40zsx+Ft3HXLWhcxjmnYtEwsd3W3I4Rg1kZE8bwc95mkKpIuMlzIUYZi3raBYtR5ACkmghCN7voA4EDuCeqmMDvOyrhei5CYM6AuwQKXhoU8nXbOcOmtd0dI\/dTBJO3mj+nR98Fz2PF5aAObS\/JKA7B9YmvOzXszSJB0xa6DDIfcSw6iiRblePgc0QjR08bOQ2XbS2+hB"} 02360{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":167016,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex5Abv0H\/JOO2WI74AQEACuHAAAAQEICjCEnkphEwA3J+mKwXvMvO8jfyhEiq4VtBb0DtQ8isPryoapLKM2XxbLPC6pdDIeSIAwXVrF08zI4T\/yzbSkl9w2wMdC9g5YanKAuHEJ96oJyzuW8ReCHP9aLsp3AvGfcFqr\/AnF9VVhOFq\/aRGmqk+ftx9jHdFU7La3MJMRb0FAF3T0NoK6lMgh5JFfDyD4hClVL5yUd7aJtp\/onXnRAa3qXgrkuXwGo3gZ48T4YkBKLDFE7gjiqjFf0eqMm9d3y\/5JC92l1H1VpmEqAyLCIMZaQMErwXfU1AYMA64uvLVUxAnIwfzRexoX0U2ADCPeuV\/mrPM53OMkHlBXAbkr5kUpoZm1eVvF3jIjXmNe\/z+ZFhNbqSPwbpCwaiOFHtP4jDPCs3tUv+5tvPiiwBsoYfAADbsV7YWtp3iMoQaIAzXk1hMy6dQyPBAmA4b5mjKDIYUpZUVoCYV9fCCOmc1+f2E+BwBcp64ChwwzDGaENNLKxJN4hT3pR7aU+3srTUfZMRKTJe1UsGrFb9EmBcniDvg2fqh0KZ2Cj+Gud6xZ0bg2lr7iBFi\/j9ppWYlKwg4ODh+6QMmUTVJ4EqZC73H57nN0fs99Zuj1JdC66ebUny3bRweuqhkjmQgtftv8QBwRZ3vY47iMSUjbmytbduip+HnI5bcdv8K9xn40cmub+pon2DZ5i\/GcvZcenP5xAk24ssyosJuV8AUUlVJcz5WvzOzXbxUgiQ0LU2Co9fA8TxSQ8Q+BDIkoaZYEc3pYEQiM+b1lRmL4RcwRifMmkZOH2xx\/MXNKGpj2mohaUHSGAnu3jAKS6WmRqhrtcWAfEwlirw++SKoF0sshMtkSYFloGaFPFrPf185KwWATOK2ym83A5870DeQoP1eSkY11vx+ExqyySQiBkyYHtB0tiUi3COVsrybNI5EOQtWusiWFkAogY9yUXBpb4qyPbYczG0iKPISEJzUs81Vt2cdNzBP9Ty8Js14b3hHM2LUD1jH6IU3rQzokQPA226onwObbu1tv92xfMnnzHmB4iS4+kImvhQmRJyCqa1wbpLaB0waGh8MzKMNZGKvYESQV2\/n76KYiG\/n3daltozEvfLDBzW1VUGVqb67PDdrQD3GtB+bI4hwh8ogEBjOPM+MhgRK3LtFt0yLF6WfkUC21rlb0dk\/Oi2Op4f3w0wnwZmxNY+tx+wivYeaTkZ5dsYZ2DYApsaC8u\/9\/Q55oo\/k1bP4S+AuBjJqQFJhtVTCYOlsBugmKaW\/Sn3qRnKgAfkDwKQzpDLG0TqHPlNC8+Exy2AkjcHLdA+Le2hti3+MrppkdHEVaXvgcDQKEs8a50VgUKuIg8y9B1E2CWX36+TsEBekAUraAkyycxjYB0CifaBgJMR+f55yrMKmjlscjkz4m6LjYf5LnAYpa3scIIubyJfeHm0CO+CFKix8I9MUY0sxEe9a\/aovbisEaJWGIPnGKHRhPzl5h2Z38meqwh3+UPL2Ji+RM6cMJR2TvAktmDZjmYJ20Yybxpmiml1+vvcshqo0tdulUe78IAbZ\/l\/9PpFVPcC04jtq729NZ8R6bfZ0VmDXNNukN9J8i9zZcGdeQawz0JJUtS1bIDmGCU3oEyQUjhxBAUz9IWNRH35l9TnleE\/PoX5leE4tV2ZpXqs9rR7Sc5YeC4b71Hstp6sXnB8LP1Y1G\/XziMvq8MeVQ7c8qG8Q9SG4yrwFHt7zKwecAZVHul2jyRRdhYST1LfwPeBZZFHzRlZ3CFnop787FACRzaIejUFmCCQX4RLM8JGSvJ4INFYGD\/pcSHF4qGDCxi3nE9IzvoWNnWITCqzw9On3dLEvIzswSbSPIJJGMr3mrNRyRzyvMDpb9ExgUN7\/GYVNu1m93zfuqwKJAI1pW4XeXckO+wZvg3r\/+NEz\/Sx0hTRHs"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":611338,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","type":38} +00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","type":38} 00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1587041679059,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00447{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":59584,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1587041679059,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -149,9 +149,9 @@ 01051{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":280885,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="} 00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00385{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":406816,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00157{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":611289,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","type":38} +00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","type":38} 00447{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":62816,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00522{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":74798,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="} 00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":49,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -164,16 +164,16 @@ 01902{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":294649,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="} 00407{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":294680,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":611341,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","type":38} +00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","type":38} 00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1587041681218,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00456{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":218709,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="} 00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1587041681218,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":248693,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="} 00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":55,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}} 00385{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":407197,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00157{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":611328,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00154{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","type":38} +00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","type":38} 00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00443{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":714331,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -324,7 +324,7 @@ 00425{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":557342,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXrVFR5zkYAQD6lF3AAAAQEICjCEry1hBrTM"} 00556{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":558763,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIex\/Abv2sXrVFR5zkYAYEABZEQAAAQEICjCEry5hBrTMFgMDACUQAAAhIK\/sgoqbP1FUk5z3uBhISmpZe7zNM7WCfNmacEg0wRVeFAMDAAEBFgMDACgAAAAAAAAAAJIf4wDKViT\/AGT8JuQxf\/b3YbtHGUgi6ofrTu7kIdPE"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":611214,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","type":38} 00425{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":625355,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKtAAGwGWtc0ck0hwKgBBgG77H8VHnOR9rF7MoAQBAVQ3QAAAQEICmEGtREwhK8u"} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1587041682668,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00474{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":668456,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} @@ -413,7 +413,7 @@ 00705{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":379360,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":406443,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","type":34969} 02365{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":430778,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} 02361{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":430816,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVARAAGwGcd40ck0hwKgBBgG77IQbiSYgF+H61oAQBAUL2AAAAQEICmEe+38whLI\/LnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 00425{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":430891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4frWG4krwIAQD6+b9wAAAQEICjCEsnFhHvt\/"} @@ -427,7 +427,7 @@ 02369{"flow_id":35,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":478323,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyEAbsX4gDHG4kxHoAQEAA0ywAAAQEICjCEsp9hHvut41HNShvkoqONiQ48LSVK+ZOos8GcBweE0RqlKz1BGCZnz5h6aGdzM9OMZh+4feRCuiZFwnG4ScZh55PD+BUZNuS0tJR9lGTgVcJQl9odAQcL6tqLwsUtRu3Q9ql5fSztbsr49CaQ0zKk2MUtI98aM8EHUufSEmBGW3REAZtwWbVHwe\/mXpSJa9Ra3DPPEKfkntknolh3tvrnc83QFHrUNFbcO5JDtPKvVqSx4l9IQFtbbGHqtWsC4yBQ5i16bj2SMJl8hg7b5CT09JqqHP7amRnysRsbSP7eAVVlQryFpQOq\/ixRkVWPcul1UbCrvlkd9hAQd96f9Frf+zixTYGiiRzEqadQzmYBnFrgdEK+ZMFpj3NSoBhPjlTTl\/ZOaw8\/uW\/Urm\/G78rYQDzFk9BDbWh7lxY\/7RKYqicAV2++EGYrJlSf\/4ssZDSWPRjdGtlnsaP3tc+s1iH1Miy4M8EuuBPyMYaWol2xJ1dcEBb+D4msWBHvojOqT8YAmXhRNfaIanQzH5UulM24R1Vj0+fua7Pw3J1\/cOXvBo9\/KhW1lvpvDyQ3dspXRWGTbKoSoGKIVzDc4EFvjf+EVgfhhc5lFAQZT8BPDgqRSCBv60nJ3Jetc5K1YrKQH3XrYPoaTjVbDNaxgeoBsiEmTbL1I0liv4sEbbylYJ90JixfYUJ59syLnDkryhXCAVRzmglcMFIJFkm6F2373\/Wp9p7w2sp0fnj3CadvL6Ob147OCapnOFRnjizLiAvgnGfvZq9d30zvnd2MV5dyA3ecwN\/98q6Fodf4LXqw00ljM0+Kt3js3SASDuBhVvPtRj7J5TWTE9eEecnsbVUz1aaJOowWMhXak2\/0lLnI+lRCYZKl7zq02THsti7YS3DHKnSF1j4BIl4hCmOstEAy8THUTmkSAIOqr8PjdvkJMCiBzg6qBeQPml\/pnxRRJlaT9kYcAkpUx\/xc+wt+euiWxKJhT1QqL7lb0KukLo5KhVCvssxxkJJOzVinrhN4n+ymyDDzsq+hijJ333Cxg7AW\/mPFJW1bjSn09D4STieFX4scRrfDYumkTC1k8iI8DHf+bW2y3\/hHMWti0yZb\/Vs1ZHKw\/8QaYN5rZaGRJ7otqKsxw8tu25cOW\/1iPQZpd4OZviEQpWBlsf0ToRt8+gONS5lg3PX8hkvldMidVPsK5ZB63RX5FmCkYTbklrICM4Kz2MW\/nQtP6aIK9vXostvElrJH32rxa0EiFTk3SigaQewlv9a3xL\/SG8\/Vk7oWPOUqzH80J+\/xiihydKdN87ntPVZGFYPWx+QI\/i6JvsyB8oZGWJ5CyNmTzBGfO+LHDMnAHpnvsjEHGbN9Hpd6fTJUHBuVERVKDZ+5Q8fALmKTZBiWSVcTZ5fyM3psS5tJExt0TAuNuHtzI40mL8JU6DxYgwuEahHuvaJsb1nmsdVDzPgMLG6asrA8Irdj3BD3G53X3jlIZ9Lur0pNae0mgRuvB7WmyfHcQ0IaVBzi5aelPJCZT9xTfna5EavaYm0SoC5aA8glJGjbts39z9R9\/uE4SCyLwkXAxQKIgvIlQz8NpaIrsue1kprezwYr41XgfAextKBbDpuWhJ1Of3uwd4u7Xbi2ggS7dFdM5\/+26lxKeE1ySnK5f7Oy4cblRYeaqX9jl13ySDSCjRag3Jd8ZoRX6XSP7\/WSYCmnYTyF4JCQrIGAFoYsjJ+EauuIFux60a7YoHfImyhsd4JospcwHLyzfBPKI9EcM5abIyYyVd5ZlAPKfv74TZEek1GXZNor50zZ2BvyKQ+bEgzy3qA1V0S\/eG009BGaKmw\/uPv0yq5kIV\/l0UWlHKLZuYHla98kfnqO90AD9PzZXe\/IqxTFLGmOmcv6gCh7n\/wtt9u0q0DDZYee\/D7pF0SIiArzmlgL"} 02366{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":478325,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyEAbsX4gZbG4kxHoAQEADx9gAAAQEICjCEsp9hHvutDHcc6klo6KPNM\/o34DlMc1ibh02AeqxSFguVn0wjv2VBZ0Uy2yjqYc5jWwho+xIl5aFaD98VMWIrCG0\/OdNBEK82cBBsZa5JVCcYSMZ8k4dNNSH1mYpYEcLqvd8UOhGdqjjFIp0N1D+XhCCV+1O4VcuqBth6zKbwPyKBmzqgJu1akbfmUT+L+iuzUFYMnc\/h4nCsCJd158nFYa76wgSFedaCApeMH7GJ0KPUsQ5syc1J+oGFU16iFpZCPRORSz\/MrtwphqEWC+s1YGpRHaVHlNvALGyK+y\/2+\/TvmmPzplwOJA5zBWbuv2BJKLFoFTGSy1jOYY6RNWxB\/ZMdLL\/K1B3Dg3ml6tOR1Epk9ca8bl+3UUkkp0CCyeWTNk9p3btiLZ6ouLe2w+mc7bBM2798faPPaS0pAwFVS8rTPSh2bO\/2aBvWrqB\/zCLD6dgj14JqpC5qcboCYDdQaAlq6IqNWyW3ummOJmnBLqKzTV2Vu7IPs3tloj64MTEiG2mhuNVItgYG9hqKQrL7HCC3WoCSjuOf+07RIYY1sYYtyjtOTzVaJ2PA8LtmzItJLNgTZ40x+uWZmxgiEPEWqPEK\/w2HA\/i9Iup2s7hjqJ0rnbXna93wRPqpmEjh086UoDYUTKqBoyADI90ORGt5+VANfWNpg9wL4LFzRf1lYOuD8HZMV6Y65Mj8X9fVc3+e94N1EbLc+8YizKV\/+p4grn0w6zP\/KL9SJjkd1vveXC3pGJEBXRHmQkUUbijxaRZh5vSyI3FNxllOpRtWv0VKaNZ80wFiB7Jv+3M3g9YQ9m3Yj328FjMxFv29V16GmoCGaxvSwxGlBVLC45EpnwWqB6oTbemsqU7c3TOadjxaNMpztZ6xfJNG9CRQ7kSQdwxPpbWk\/CQD0X4GvF71DS2151YMZJ5waUgJD+tIYhG+TbJ+kCxhi4xBoo9Dzco1vNd2FNIf3o13omRdlM4t9aTYNwzxJuY9hrXkXwEArBWhcGfxga1I1ForDLN84XDpE+1O9WNrTkd3ZfzqgJOm1OnEMWBSF4tJsmvLON2uH\/AJ05AzOvjl467HIrQ6Lz1tLInUvwI01pRMg\/P\/tDOg52jrj9rVGkFuqhcS8JMgu2Pl0kyAT0u5v8RGK7hSRn2rVVsnGr+I1OEj8i5o9M3BK82HXYzo+gg4wYbdAKpY48dNJbbAyFQDvaHhQ\/PTVZX1swJtnVN41ka6qjxYlHRt7jxBaHe60FUHdh8jirySuknOvTZHIqIlApkZto28LhsC7RMTsxzW773z0d19kEPAxEVD\/hymACh1ENMbIlknGUIBoM3rAq9Sjqushq6edWyRwXdkd8V1wuMnnEzZdJfslGQ2R2Ze5qt3WwXdsDt8UXz7giku8wB7BweHAeoIxWhSWO\/qow\/rrr72qZRZnJS2HVDayPVZ5U2lfACJOnVI62VMHKp+yLOOVwu5ZLgLSsMmk9cTU5M0I0qdaiuLkxRnmfN2NAHEz2GOX2KflxOvplnt5ym7kLiJvQvQWXuIjwepcwoZTE8g3C+1SHA5OZIsZiQIgvk\/wbEKGYguOlbR4tw9CQk\/0u8q2RmnX+OShSmEH+2PxeRA2cu0PKi3Qfy9f3UarU7W87rgVjj5rxeSEl\/QAGrDSQM2qwQfLfNuj5\/ME4MMwZw4D\/oWnhr4TX3TLY9Cee3mCV49Ootz4LtlMTb9Bks67ue3P+poGWHIH7HFDr\/2ZyLxTFAPx5nAdxPdOqeLnE7bmbOMBM1t9sMhNzaWT1pgyojF92fKUG\/5JJ7P7h7hztYsnZ77KB4r+JhCm0\/BwDnubdUfF725ro0KvmEwbuH+Wq+EVkWY44J72rxSTMj1dFHHzY589FN7F8Z11X6wEwEnbD0giqOfLrGogRIKiVptmo6fJjc3g\/gB"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":611241,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","type":38} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1587041684291,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00444{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":291077,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1587041684291,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -452,7 +452,7 @@ 01147{"flow_id":37,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1726,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":374278,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJCAABAAEAGV5LAqAEGDWsSC+yFAbvNnLpoNd4tYVAYIAAtOwAAFwMDAhUAAAAAAAAAAnoEFa1O6O4jB\/9Rs\/uZd2wnUxMOKQMhYYzxudiX9cneG\/e0hEbY\/V1I2kmd2n450RDif7N5YTIR5FfNYfrnoC9Sy3\/CmEn9xtjGkE2Du1g\/jOtL3bvVbdHctPyvqzE3wZFS8e\/ahk\/\/n49oSGrDg0UsLvlAplo1cBoBcdHHQ6+6JPEv6ytDzOg9ihyXhcdPrHV418BMh07FRMKWOFxVA8DVNQHYeOB5PevyZaFQj2vGvsOP\/XbQRKmM+0Kl3Z9wGGChJqjOAo+Mdzdv\/xNunKVinnfZ4r5pBudKfqepaGpNiF9OBLGC5Z961BfvXED13ZUfY3p\/qrfI\/kR6AZaeOBEUlOQRq+0Za2KQhPZKO7fevbCk3w+lDHDFkPwjf3h\/BoYqudB8T88mstgaH3Ttm69ksRbcNKcWl0XKWIvMSUlLH6TGLhBc6HRxiC0ePrX8oazeKfIOeXj0mF6hSGeZ6WTMrbpI5OzAqY1BOC2XgCg6ArsPGatdxByekknB05kddbw2wbP9ntZAvba5cJdQJ98xnWpxPe6ifZ3O2WlHMxi063Kl3b08VxTaPKkdTTzzhqVGsdoE7ArZxw3hNS5G5jx5WTbHrcvlmiDvkCu0Amnc2alBu\/YgRS7Lwdz9kWOgrskwsuh0Yzic3WSJbjevm14M+bOycMvakGAVYUu8OVIxXMzaUeF3LBF89iEK3g=="} 00593{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1727,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":374350,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"EBMx8Tl2KDc3AG3ICABFAACsAABAAEAGWSjAqAEGDWsSC+yFAbvNnLyCNd4tYVAYIABWVQAAFwMDAH8AAAAAAAAAA\/r4V7fKCRvENEHp2g9oFooWRNtbwacjQp5ot\/N9Dpu1\/XRH0KkXCfxdbarfm17nT4djYDWdAWmnmNu\/aTLusJ6kYlOwsB+guT1ONQ8OI1tB+9TDyiNT0a2qyBQ+OOL4BWjVA16FFnxWiLsBk7g\/adWO6XttK6ej"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":611243,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","type":38} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1587041685090,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00451{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":90830,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1587041685090,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -554,7 +554,7 @@ 02363{"flow_id":48,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":352778,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGQf3AqAEGKH4JB+yMAbvF6Ik6CTNBkIAQEABq+QAAAQEICjCEubRSSrieFwMDBsAAAAAAAAAAAZN+26IKokM\/ZJdqew2hyoVZsYfwirlKPCuD+rB9vU36bay4A1aRuUa47So2DTw3mKKAAiCas06RU3RR8C9HV6Z3G5shmetImIwR+iC\/Q\/93kNmIa6dp0d8XBDsbQgY\/n3IfyicZy2Gsa6borBu84VworLrUTByg1c4zc0w2AIDXE4Ge9CKyi73QyCqr1WKf8qEhM4eKqonhDGX3WvOtK\/16UQJmoHXA4+NjaOu+6vEkftmUKf3w\/pXP0cg7Xi2Yr78W6quARHrOk7v5h5JnIC4Xd8f12f5t8dxxa7MrgaZc1w06ZP+O9J8va3gaemP8wDVgpuEMfeWo1uQ2EXidZGfUWa9yMA9m+TTDTlkzd1iZn\/Nd15FbyY1kAIdHfBaoEFvSIETFKB\/dO4WJubLpR5UwO2jRcmLHiOorUkYZqEC5eDOjqkFQ2HnDTsAOoBBYQqalZ1321SVZtVdbxPW0t0ew1tEKC12JOLpx3d+4aeTaLCcfdA7AoRUUBrwzLVNSw5igewuDRF0GKGdvRoaE0c+VD+sMCJEmmWQZFGMtgqNNWDuu1PgEukvCJDUfDxZ04oqRPtELlTFA+iJMRWW2BCJRAqN33wpLI9qm53Uyg4ZoqGlBW8lRrAWBvSGsj9INEFJe4t1SMknz3q+wJgCC5+nwr1WHMvuGBVUE8uNyIEihhlI4YYwf3o8brRpRSQNynZzvIPxUIcARhPxTY8U2g2nfAI+fPeRRnRcB\/JMbytApHr8RPcoQ2VjJEQ5P+ZnPB4qzF3tU8PJXKk\/Iz93vjGEEYv75KE4ta0KGyROUiJJTrhW5xgN7z\/eZTnQK9FiFR0Atsk\/5engV5VkbmCHfIEAQST5ANhzxnExz\/XgfGra31U1Agz8PXWDCjb+O2AYTbI8cGwTbd9T\/xyCrasD9mJsbJucAZHGKf\/a5BHKNrMCFFCKhaIpwDo+1RW1w0NJjyJHct7NQA2f+rd8TCA6M2pIHObcDe2vqlqyhTGPqOcGaFxyQoSMxiLZkBB\/ehYzov4hiC9432RW5wH7AA0dav8N\/oDVsYev8RrGepQBAnLtlyvd5lnLso0kbYBXlteD3s4skj7L5NdPE9X+d8u01QQXH5lD9SttP3ur2qZyaPuz7kpDt\/v559XF4HO4JYTPAIXYak+7giuBKbT8ttl1gLyjNTIn6Wb2hWVy6gD6AA13w9Bt17dPPjeWfO+a\/UtMWYR8jZixqzautoXV4BVjKLkcHeO1CWs9hTdYMuBtr5nlfBYyPtai4kwEX4sJICqG1hpox71umTInnnp9J8GWlnqi4lgcjwBsWA9+Mjtk7S8Scfqkuh\/EQ8oLT8FsmvIGiaAoY6BVVpnXLF2AabHaNa8wXCjSDA6eaDtdYF+QsoQuTNmhp\/3y6xHjUJehx511zgqDBpRQSOJVl5OjlTcRtI1NwasT2FzE7vJKWzBJOuj1hs0vJ5ptt8GA+tlwxcDlkNjchMnRRwrk\/VHlOzPsG2HNqqbkO2JdHao4tqQT3t0Gkt9IT19Nm6jDsYmNs0i92xoBf\/hsehulRy34vLcg2hnxXrElot\/fhUCcnrs7cz77h3YRd9PkBUXkBsR7OPHV8Jlh8DW6g9dP0xk6pNwFryNxGFcM0pFBQ\/vyQh0P8bXq8nL4tJxqFQyivuXoid7Jr0jLNMfYZKSqXKARnUfUFQpzWuamwdW13s3CLTE90ng26\/yTHxtLFti2GyuxFSSSjCcUaMRkHRsyjtwYhX9nQ7MMrP+Kwl2PuLRf+gnPXr8uUoLiVmw9cHavRxVY\/rFhm+5Avrile50yIrqN90GdsBI2GGlBq1qZCUF0d1+wCKQH5lwJsaKGM31hcF7AqjSv2AOn929yv7LeVra2p\/MVq4KOqG3QgISQF"} 00532{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":365562,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB\/AABAAEAG9zfAqAEGNHJNIeyLAbsws\/nkxyalaoAYEACJxAAAAQEICjCEucBhHwL6FgMDAEYQAABCQQR2LdhnTLVLdjhoemvgAvid\/c5uLTUOsUTPRq73jWUkJpwr5TLWPvB+S\/rTQoynFejo7iEIeKUXIr7Dmo+ugaFU"} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":406369,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00425{"flow_id":44,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1901,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":417112,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0abFAAGwGYdE0ck0hwKgBBgG77IgacXcqco2Uv4AQBAWAZAAAAQEICmEe3KMwhLmf"} 02366{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1902,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":419490,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\/4XLfkD3pYHuzfG85l40mxoPZVRGXbh3zqAj+miMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUdTnCFCgplfnCaQOBNT9YTfK9XfMwCwYDVR0PBAQDAgSwMFsGA1UdEQRUMFKCHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tgg1nby50cm91dGVyLmlvghEqLmRyaXAudHJvdXRlci5pb4IPKi5kYy50cm91dGVyLmlvMIGsBgNVHR8EgaQwgaEw"} 02362{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1903,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":419728,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN9AAG0Gdfc0cg8twKgBBgG77IfA1Aw+Av0PYlAQCASwbwAAgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUkZ47RGw9V5xCdyo010\/RzEqXLNowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQBVY727HtdDTWTVU3AbtZ3tnfdD+ZIlKkcEvZhdGtfLR93kO2x7R0zQ0gqTA4aKylbIsNQcc94W1dk55E3115Ppa6TByUSyEBMXJpQIozocfAobGecmcxvfsDbO3XlvEk3eGXCNw1GEP+rtYMU\/+G1gqniGLhyjzsQhOICG4HcvANg6cJySwm\/SpQOH5H5DpyW4ysI7O05cptAk2rTAECIrDpTpy71oDwjEsWh37mPcHPwqAlJXrBDfF2Q7AyWmFm9QtmVUjJVaSctLDzU7VRUkK0aCtXPjvcWrNR6x4uytuNZ4gOZpOrX1VtGx1rAv96q4SlFQBqy6dFVxh0bQLZQpABKb76cwUG\/pWvDwYapu2OitdqL57QTlrGdYa8gq7xRwy4BU2eaYR9SKjM1frVxvs5WmDo4EazQeDEV6fP909krjox7GYVlqQy3SY9nhd8uKRKiMrkg1OfFkJGSK0\/pkD8Pkb8lOaiQvEH9UotHMfjDU7K5\/h5EZSCzJCECqM\/4bVsM8Yk0bqsKjHgiO87h8gMUBfXt2sbeoARoOxGRoIatLpqqBn2fcpLxHrpFlVa+NDdwfaczPnNdQDU959HgnZeOmBRL9lYJRLEoukvVJGyjGLKR8KcZ7QGVBfKeDslSsW+TEb7QkPKwuy1yk88fuHFa53lEyjPd7CdVCLrtRWwAFuDCCBbQwggScoAMCAQICEA8sEMlbBsCTf7jUSfg+hWkwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUxNTdaFw0yNDA1MjAxMjUxNTdaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ6qFcEboWNf5lEYxRa7EdwLTZuRCrpASSvc1gYLxXdZLDRCRQtOqMkW8CjzH5aVvx7Tn8yHgZYhpOezMGatfG4AEq+9LD1FrqA\/dex1IAX8QWKBfMwO2SHucwBzgxW6CS+xYP2qYG0LPxomWTQotEJEFFs8NJ01JlUjUNJs+qQrveQ79VjLCxsjxn3Tfcw90P0BA8ieveUII0SMWANQ1BPueLYtpOq9MnChUGJMlsGduRw9YdpGLd6L1vObxesu7Y06lBHC24ClAgfNf\/eeYXSy7GxXen\/aNj5FPMbjnN1Pm1Hnb7+km7bxowRGXhch\/PwmkIc5bCjB9Pjjzhb\/2zKnC2qz8NVdbDldW5eF"} @@ -569,7 +569,7 @@ 00497{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":446109,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAG90\/AqAEGNHJNIeyLAbsws\/ovxyalaoAYEACJMwAAAQEICjCEugthHwNdFAMDAAEBFgMDACjKOW9G6pYYFQxbBReF7uslk560sh+IyAUFvY0v0wF49L1jZlB3T9Xz"} 00559{"flow_id":42,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":447913,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"EBMx8Tl2KDc3AG3ICABFAACTAABAAEAGNRjAqAEGNHIPLeyHAbsC\/Q9iwNQd3FAYIACT9wAAFgMDAGYQAABiYQS80kqcx+dHmOVYK7Aj4fzmayr6AuRamhmxIa7bAW3xyLCmAKUzligWw+GpX4RkL84fvV2uF\/yIkEkiz4MehM51+B7Yj7T1\/gX4fcTf5d3U6r4rw7oO0MvcSYRG4w6OjD0="} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":611278,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","type":38} 00497{"flow_id":44,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":654367,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnabJAAGwGYZ00ck0hwKgBBgG77IgacXcqco2Uv4AYBAVQyQAAAQEICmEe3ZEwhLmfFAMDAAEBFgMDACgAAAAAAAAAAGwcabH\/l\/Aiqt8xUwEcbKVK2GP8JMZve0ScvcZSWcOF"} 00427{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1983,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":654436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZS\/GnF3XYAQD\/5yEwAAAQEICjCEutZhHt2R"} 00417{"flow_id":42,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1984,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":655741,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAojONAAG0Ge580cg8twKgBBgG77IfA1B3cAv0PzVAQCATCxQAAAAAAAAAA"} @@ -612,7 +612,7 @@ 02360{"flow_id":50,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":390751,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyPAbtgh2jpU\/Rh04AQEABHWgAAAQEICjCEvaNhH1wbFwMDNdQAAAAAAAAAARS1AoHXGXc7ihRSv8Tj+OXeK+qLZdoX\/mtelTHHto9+Wt9p7rAA5AYVg5NZL5AXwb9HECOHcFlhgViy+5wxuPvZrKY+KKgK1ZenGpXegDUDBWPYD3ZM+o97cm1z53yFtSboc\/ZDjVXzb7SnpUQRXFQRSeB5HZWjF6ygcN6HjR24xah9Uo7w5MdSB1VDlrDEJqCG2AZSRzLxWU7m4CREuN+XUcyMe89kOgMx+ky67xET9JOHDz+9P1ytKQ6R5icdvlhhZBdaSfU+Fq1Z8xnj84KwlE3hiZqYo\/SOPGmZdGHFg0ePUNJdZAOp79mdHaesVjjrZ6vdZObQW44zYCxqC6QID8j4SdN5DRhqIXwPt8gYMIBTOYNoYINw7e530+qglCTVxBjt6oAoyJziRi+DTmQpTU+g++wOm5v4fkaaWY\/ec70fFtGduUoDXLFKJSXohIcQcceM+B\/JttzkltzW3ETtvMEjPhuSIpjI8qQGG+0gm6zn6754copvDuP\/+WlWm96OJrwdYLlv9AJhGhrRPCAE98jiTyVEl3hgyaphDeczFQaqSvmoz193uls7+mNE3ZNTQWn1Ek+C9yoOGffAN71OToXVn2ZXZHauo1ZVy0VKKPMUt1RbpbfNohcE7pO9LoV428NifaBBu0XKE8BTweL95CtF2LMu5g86mSXH9V6+w4gp3TOTnESu87xstVuu1gDmHK+2nHF9cnJosIj1u1T6Sh1A4Pz0Yl38uAlzOBRuUIpxmrQWM0\/GHYAh453mEfkIr+vIGiznXS2+kIsNr6XklYlaMV8D\/CbXOIuKMWBg\/x8NgPqbv03muTcfzO9DIndvosQv+xnZLGqm0VjGJ5CPyPxkFTf5RwAp6B5C5pjdEYqAuVaFP5VP0mU3TSpGUohR9vhOcygzDdbWo0Y3S4jNVUi9ISeunPjXSTC3rI0lx+CorS8SBxn78\/95Hs\/nld\/KhPhNZV3DaIUh45fDARRiHmKX9egCTZnUvkrilaVIjCe6HD8+LEpCkKCFyBmP6IxdZULQvEoUViIF4HqhVuUW0S1Has09dEoxuivUxE5FbOJgITFsjAyWkYRC\/tlCZ4lflDmppL1flv+jo8lS6sU1cPCJtzmZGp2LnX+QNohcfvCNFItMsjHIC2eYhUtqijW0wWeKypsuQxCnLH\/R9daYUuB05\/QoyvLsa9bFHNYb00Dn2E5FR\/8LFQuDsZPin4hHUDE6f68v4q34vYS4J7+CTSK8dtXngQqwfEkEQC9UfPh9iJv\/Y8IrK0lKdUIm5ynzZJlvpFLvnO149TB+MicIJNfz+0et3KGqsy\/N5e7h0rZuzbejXavSb9HLfn70zQgHZSCAf+3veULDRzxMOZaxKx6GXrsCsYdiL37rgFGWQnRxslpLJjljCefbKSu6AM2jCz52LAoeyBqKWNftV0k7vz8KV7AEBp6Al2W42AZcHOW7dn9xJCwWYj3t+rKO3hZSRQpmt5t69wfs6qogk1\/wD1oAWNIASxc+UOv0sIs1LTUA3CtDpn3c3wZ\/\/AEAM1JHpwqfLCBZl4GcG+s65a+FAsVp3IOWwIN6eFgjyXLAfsNmYVsTrmm28JBauIDzeOoGY0S+BnUUbaWMTSuKg3wwxAnHnYKFS2AfNOgBYGfZPR9oyGgnuH5Q2Mry5aU5reBvxWEHLJHx20HFRma936nde5NZjKDzNfnLTddhWmuo3WNQYjtDwrwe90bXUUpbMN8i7ztAjXAnL5a7H3B\/rpBH4XnMfdBCG24d5y32NB+3ZGc4JBih\/qzrnGVfvfivbywm8qdnysbdCdc0yyT+3TxH5SOX5VJvfOJD60PhUjUZ3V\/UCRc+TTdGgV2rO0OdEP9TkINdui2eY2GKv4DdtoZ0wepa9YeB"} 02368{"flow_id":50,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":390756,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyPAbtgh259U\/Rh04AQEABTVQAAAQEICjCEvaNhH1wbIrw5FRKsH6HIfUDB\/UW0W24JYRUtY5aU1BLH2m0HpRX0djJRDALdnRoFB8Zid7lY+CCAOVlGt7ZdcKye\/zDKb3XVuFsYrz1K2\/2cqJ8e5QC0L0ZKjl19dFWUi4oWz579Pvkqn4+wwiyQcC159kbX0JYg492cAOAux\/LMymWHW+6kwgsttCBpY1fr9YfE4xZ+DBZ4AeWRMA1dLrVEIUWUrnO6OddQUzeWCTCevxedzWew\/JamWqEoxfeMVyFK8Ta1+Qz\/FH\/o16Pb1t7JOIjRHYcOkWVu1gYMQtirNlysqP50DJZWltn7\/gzZ8J81BmUUrG1LDv+xiY2\/urYXIGO8F+imslJomLrCqYsPPlTkLhvElR\/IBFCT\/h45SkKj2AuXtOhfC50CEyvn2V4STKXq8SNlajhpqNqaU8cHLzXTaP4Yen9\/rV7RyRNDDHib0yzOynDXf6zWVjvaNQ2uJbpitmsOEGwhLGeQmbm83IxTs8YLJuUkgsUzauTKe8r92pJ+LIMj9fTQd75GwD7w12bvbrMM6vr0ej8BQhfnI8CeqJGS4EQxOTy0SxV2t\/18DnhW5rS33GuMrMBTYXDNVMloJ3He\/byO36yNrYbOzO9sMixesCi2z2eboTUhA+5mtBNY+FfxopxUQ7sr461JI+VUTwX+Ue6iWVWtL\/yXUd6tcwnlBtTjviLMQR7ZiNzI8lQ9ObGHE30pX34pV1PKMGmNAbHokF908ZFPx3JTebul6wVDoOMJtnWj+zaEKFs4L5oOfhwUSA5nX4HDCWJjy2GddhhWpnNFslv7od66tx9frksr8RdEmKnN3y4u8e\/0zQt4XuP4t\/+HUEGEyf3++HEVCP5fGkrl8CRZThenVChScmCmQn+XJCvE7M2Lz4QGhZ03IfNlFr\/2e+wJJQwJpomZPNCFVsVfvBAlYI1sPYgRzbdnFDf9FRw2OL75MjqyC7qZl8rTl2KCYjajA6rVGz4lGxuUr0SFULMz3V\/1L3kOBqbLVdF\/uTfyF8LwgSc8tTy4dCY3uXl9P2EqA6WM\/E+hY+FfGQudXd1HwDTRa36TqRbFEkULimHjalLhw218\/gYUSvF2OwCkgQXMLX6iAvubK5zw4ZtjhkDnSK23+rZwdAOy\/u6lXVGFHHFJNT\/9YfoXu1bhnkMUgeeE\/VDtE8GZjpTshsNp9SC4fuQsaSJfP\/6B6cL6iotWypa6vNiL5z0RcxK+L8uU9hS0o00q7nXgtbRA\/0oxhVxi5nxlvA8N3A3bEXaEpYAVfI+82KYgm7I9cysmOoaUxzct+bte1A9qoS3ajnLCUyBqWRu2oxELWS2nmdAVLcRyb7yjr6w1egMPh504z5es4ulMHXe5xC82xVDjukV5xkAFqY5ompuqNT\/M0M+aTSEGeRxntEJdhePyZfy+RnmxZDwyQh66vEty+IrjSOsQm52Sb\/fnrY6g3HLOSq19eoCSjs2jMI6xn1Um98kIIFnx\/RiJS3x8+pls9F5x665UifjrdfTTb7Bk0xWKvHErxYzuQYOuqoUDCV11ljiamNRn7aTkHupB8oAAjkx9G7tzKBx7xCvmxRH47tWx80VL2+FETKjdlPchOCrWrotI9dEh9A\/Zr+7zOzgjid1g03lxHUeob3c7dmllDs1W9BD99eEodUvNX5ffOnR+TOqIkRR+x75KPjWjMb0NQ0usP3Y1vb8OrCm0afBebZHLSJ\/3XBxDZ3RgsEmTyXbTzQ8lc7cVQk4nItJVPWGq7HQ9V1gHQiVa9lsb4PX+eAyNJBi3J+RbVId2FHBXwlt5cbgD+Pp1pAoFwVzAWuhPLl97WyycrSbhtbvCs7AYAdFnYQGScbLg244EWlpfMu0zI3O4dJhhLO8FjkaNU9bNw5iZLP8v7AXBWGz3ysKvueXWuK96"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":611252,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","type":38} 00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00458{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":659283,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="} 00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}} @@ -645,7 +645,7 @@ 00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1587041687370,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00706{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":382278,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmY0wAAAQEICjCEwWdg9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":412781,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00780{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2199,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":427043,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETBAAEARZ+HAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAJGRMVEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00440{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2200,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":430016,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAEaZAAGwGudA0ck0hwKgBBgG77JHMBk4leMqws7AQBAWoNwAAAQEICmD0enowhMEPAQEFCnjKr+V4yrCz"} 00692{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":435320,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"} @@ -675,7 +675,7 @@ 00425{"flow_id":53,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":544169,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yrCzzAZekIAQD6kTCQAAAQEICjCEwgVg9Hrp"} 00552{"flow_id":53,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2228,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":545241,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIeyRAbt4yrCzzAZekIAYEACxYwAAAQEICjCEwgZg9HrpFgMDACUQAAAhIEEei9EC+K5+wTIH7nn4OrBCpvwIyhcSNoau7TZIohg7FAMDAAEBFgMDACgAAAAAAAAAAJhotVo7bnsIfNVJhUttAitclNGZcxD+p1Dd2JviYPnO"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":611308,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","type":38} 00497{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2239,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":618688,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnEapAAGwGuaU0ck0hwKgBBgG77JHMBl6QeMqxEIAYBAVw6QAAAQEICmD0ezUwhMIGFAMDAAEBFgMDACgAAAAAAAAAAKmibfDE971fe1e\/39N5Ncwu98x5\/x81YgWFBEvwX87I"} 00426{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":618759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yrEQzAZew4AQD\/4RkgAAAQEICjCEwktg9Hs1"} 02363{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":619835,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyRAbt4yrEQzAZew4AQEACbkwAAAQEICjCEwkxg9Hs1FwMDQBgAAAAAAAAAAU7pYxlahMDWRzm9MFDgTtWid9FhYd7u+WsyEYSwBibY07OoGT1CwznR0tLGYhMqBxbDN9vic3fzw\/IYGGnoKKzzTy47wPGZjbmjTn8dMJVD5tOwEHjdetaUGeeDKOJuXarE\/8LhuvnzubzxwigYsvE0AWh7exGKJ9OIBLGFKErhPtaEtPyniW\/yvGC6j4V5\/CFBqXZ5WL1haaEk\/ZjAzh57u+1VBM\/wRYp+hdNLwXvCCWDyIPDaa0FFUvOl6qrDnM4S5MIC8xvbk8GWMVUjNvCpN2SAbjujkywLs+w2uYREU3ifWthY8y3aiqGhkbqqD3FFSDjkrOYg6XAZesZXevuHC6VVrOXWKgb4Re9RxLJFHoYlQpm\/JVkNwnBNB75t3Mv0nmSTH7fNNXXS2lAgrDQYYJz95oLeu90PmgrNDR4v7SsPKyi\/9RPaXtjlIiTbBWjPLtC07VGNizU0VL4HIzZmf3gUaXqn5ShkFdtkejUlml428oIUjL4zZQJuXxOJhDmjt8bPCyjiw0K5jFYV6XKaWcgGKqaFtGaRH4bsKdpJQW1O2xVYhWr4KJqMjjiJNKaXX9JN7kg7ioy2wXnTWVoYgbARgNXAa3lw9MN4xEM\/eU6cqvvf7kokL46vpVf093TNPtegMKvXERjVVEXBKLBRc3hADgInKSHS1LyMQF4vpg9OhOl\/\/z5kWRsovrahDJM5W76w9fTCBF\/tDo1uuWKJTZhKoXy4cff6zXh1SHCXseb1rIRfJ9hciowdJTpFFEP7BBwBb+C\/By0g3wrmr8VU+nTBmC5zw1agZ1foy5CKPOzNFSbIyAcRDK6R8w4zov8n3nf6g2XGARkpti6CijLJ9M18jwwu4I0D8IjjsNpSWcyLiW1AsqT3rs6gUTdgPb7X3PZ6bhC\/C8XLVGEmlc5KzFj08cxJdQO+gNAcD4CcsX3s5Kc71xM8hqLvkHfO4bZSAYYgT3u532iSaqScjpJbhES5B7L6TQyBgmjF\/UlqNn9Un86Zd9jsOwcMEXQP0nSkyL96CImG6rRqEQ6caWrp6WoNSHGGCIs6AVgd3toq8BbDydkyiThSrDa+EikhyK5LJlI+fdBBjZB7KmciUPVZ3pP3pBismpajZUCwX5pKswfiRHqMvs41I7VvHeuJIT2vz4FGAp7bTeRKru6nrBZ6bVFRkd9+U3ZLeacxYOSFo4+lHHxKSVLFwR8hTzrY5lxWTjBCfFWPKTJT2wrvtXZqpoNOY6fLOWGqZmstL8GbkXTJDyUUaRI5+Qj0r1CgotaTR2eR0AqkW8hUzmBzq2DebzbvMViLJZRRhKNJsld5j\/2MS8xDF1TOVtNO38KkaOLsl4pYgJx1UqF\/UZjBZkr2ZGQydCWR4XS27nfcpSakppKps\/534lNKE8Cf\/gggdu5z9zzeGGuhfcDuiJcMOyzfozd\/t1naCilqNSWR2Ri4RCIK89DYlJkWngqZZqAxpQWonPAw5HLhu3i0LtfxkHAmyu00XaJ6dkCGuN2kg7T\/6+BVOreag\/L8Q3YkGqOB3DmkCrHmMUxe1YlBrH0zJqbI3+8\/InBymHqx0rNT2q67xptFmc3j3Yys50HFz\/Gp3UON1gmlNQQtXvJeVjQ1ghHQxV7kuEBmO0pHxHzu3g2SAfCfavImjSSE\/20GqcSlmZk0eDJ61opqbP2px85hNdktAnnOQTuFIRMLGCfxNziUFF2gqj48mGjuQMuUracRHxHK5rFzbQ8aRK\/bybB1szkbR9APadQ7hrcGKmJGELnNhsrukgUDtsE9mrUXF\/x5CwvhquoBT5OaUOPq6LjE\/+TkVSkBcwVYhyK+HfgTcTskywHwCgPHYu8ASXMIBgGouqXa7eg9Olih1NMPKL9q2hUOoQAbsxIw"} @@ -704,13 +704,13 @@ 00470{"flow_id":32,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2304,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041688,"pkt_ts_usec":134826,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"KDc3AG3IEBMx8Tl2CABFAABTwZhAADQGRFanY9ekwKgBBhFS7ILLfL0aJqxLk4AYAfVZTwAAAQEIChN5Lm0whLFTFQMDABrJs0SB+OzC2\/de8I9YL02OJFD2ECcCfrYWyA=="} 00427{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2305,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041688,"pkt_ts_usec":134925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEuTy3y9OYAQD\/\/2kgAAAQEICjCExD8TeS5t"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041688,"pkt_ts_usec":611359,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","type":38} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041689,"pkt_ts_usec":410919,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041689,"pkt_ts_usec":611350,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","type":38} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":611386,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","type":38} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00464{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":880711,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -756,9 +756,9 @@ 00597{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2365,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":192558,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAG2B3AqAEGNHJsCOyVAbumbh0crneZhIAYEAD7QgAAAQEICjCE0B5SqirBFgMDAEYQAABCQQQK2dJCEMdhX7md\/Lh5ouYbeR0QO78n8njlcA5HQdgEcR4bEQk4KMHqHrxid1o7584ZuY8J6mKXsb02dkJUD4LJFAMDAAEBFgMDACgAAAAAAAAAAA0dAU2U0JIs+ClJsG6565DMr4wwIiXSF2v9oa+FYEKF"} 00555{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2366,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":204853,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG2D7AqAEGNHJsCOyVAbumbh2arneZhIAYEAA6yQAAAQEICjCE0ClSqirBFwMDAFgAAAAAAAAAAbwT8vUFA\/Fojr5f+cigicqpuAuzJpiwa1yz1q\/0GLhLgeNCd3U+W4HLxbcHwGMjOynBOWtzGHt\/xqnqJXowVUdqfRJcmwhgKsejNsTw2mwr"} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":410839,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":611256,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","type":38} 00780{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2437,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":419649,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETFAAEARZ+DAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAPmTDokAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1587041692528,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} @@ -767,7 +767,7 @@ 00526{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":528752,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"} 00424{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2441,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":578366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cMxAADIGTLOXCzKLwKgBBgiu1d6yibeDw8sj14AQAfXhSgAAAQEICnMgXxEwhNVF"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":611278,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","type":38} 00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1587041692808,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":808980,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"} 00437{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":880898,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} @@ -785,7 +785,7 @@ 02096{"flow_id":63,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2454,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":332385,"pkt_caplen":1291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1291,"pkt_l4_len":1257,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT9HBZAADQG5S6nY9ekwKgBBhFS7JY0lYYiFa2Ee4AYAfWqGgAAAQEIChN5QrkwhNdXFwMDBMR6yHy+1hHfRnWe2Z+VHlW8uSWmUYf7cLMllEV+oOio8AYtz3DgEouKRmVYpqFNxngiWnYarqSXdlKa5dDAU0z8UNEvoG1B9rgGWXz\/wg\/2PmzXB1I42qW4\/W216XtZl76qTUwZEpag\/aAyn5IrEYp7HyLn1jw3\/rr0V1RYXIcjCDxPtRGypS6A43n+Zd1HQGKu81g39UAB37IGQp\/FMk3gDhpGi9wPdiRW1mTqrcyVgZeir8b7gRWbXoO4lzOyC3uDiHNBOUHmc4I\/0uNv6LoauOx8vF1Wj8EpdeWG1ryHo0qt3yFtcRGXNl\/SMh5pnnoJN028a6CbZeKqUgMWptmEguOIXRfevIDHDU6mC5KCmD6lBVdGbUf6iYZpYhLJr3Lr2JGMpxcUA+xTEFif26dDRsEnxAhFpxWUbO\/2WWUyR\/fHLoSYGhbXdUbH3l5Af5rIo9HulJFlhjDUXoi92GXs3eYcVSgzNw0IKpRtiykmCBIjDNGy1+i+\/NMc4ZH7Z\/fgfP03c+IJMSCE4o9uMrxoIGIcs9wu4EN0QUFE2RPO\/+EjXTSb4pIy66lwT376WziHUf\/fi+J3WpcalQHy+PNTrWR7xf7K8JAEwWzyI98SMqxyHnpQCEe14GWIj5f4xDJq2STAmJE9FTVPWKAWaasgD7Mf35zCK7e4YLwbkGjzG3vrzY7psubW1QhrsA53Dk9BfYgQ1eSxRZDdu1PRu\/Sh40Oh+BOfjOpvPtI55KOIiaHerWAELDPyx3Ps9AH+hb8Qifj1OulYzp0BCmLku3ArqmYAHjCjG1\/4+5Gcq5hiKIoXNj\/k+FMZTHg9GJACrXdUm9EXEjZ8hm0z4U\/5tbtt8N4zbO9q5896+LLyrB9hFTKSqKwEwL2he8AtstySNaUFZG8MxMqv1JjeXOrshdzhskYScw1A5sumUYg1qLpPmi2VU5bIjP7TYV3apZoI34FfoKHd0yZxWqQUOJDU\/AFKsQRNVEE2y1gLfsN7c\/idf1fa6rkSjaD56yNJKQL\/R4yOylA2rSj1Nr9vbU80q+MDvLuPVO\/p6VjF\/HoJJlxqhbnVmu37kLA8gjaNUWmJzRwkVt\/39kRdYu0aZM+CcuLK9MCLAcUIXeiWSj\/OdWGlsmw88+6cnSl7oSPkz+aj9JeAUmNEgFbThXnRYkRpvILy4Ynqz5BtpNQsZBiF49kzoyIeR35aD+SzhQmsTiKdZqWXdi7yDJjdoZXyeeC6580aKHE7kis1rOh4c4HUxHK+ZDI3nEw9K5GCUAD4kV3\/hhyS2zPcN4lprikZjHJtHqPBx4gVB\/jlhr6JOgADsiHXpH+IbQLFR8zETNE0MbGKks1zkrYXQ5QtO4Xa02HTV0zsWO7TTSaEpCKsGjMThV++lmq1VRSuxOGfjUDff69LTHejwINO7p20f6ZMrvAbMhKVKuUmnmL55k6NakFeANmldTo4KBD7HVpnwZiyWP3VqvPnJ2rbPnAoobHVDJ9dcliinnvqy+7c6aeytjk46xxPtELt2JnNeMJ3f9jumuuOAUGEHlnNO8D2VZT7aBFgZHKFKH2jcRPn2VG2MCDghZz9njaybtK\/1JwPsG6oceLYjNAwu0FTYqxB\/vVUHohMG2wXVcTJAg=="} 00425{"flow_id":63,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2455,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":332477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrYR7NJWK64AQEABvXQAAAQEICjCE2GATeUK5"} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":412749,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1587041693428,"flow_last_seen":0,"flow_tot_l4_data_len":985,"flow_min_l4_data_len":985,"flow_max_l4_data_len":985,"flow_avg_l4_data_len":985,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 01722{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":428391,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00444{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":474528,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} @@ -827,7 +827,7 @@ 00409{"flow_id":66,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2504,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":609158,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDIBjkDveFAQH1U6RgAA"} 01148{"flow_id":66,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":609230,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMnZZAAGwGfnk0cvp7wKgBBgG7w2KOQO948MQyAVAYCAQXbQAAEO5WjXjIe6ycKomslpwe+EFt6Mjgit5TOxZ3H33HANI4vT53PRNoyKZhkE4S9iFCZzfCTWensJkZpnlLMABE4aqNQAX6ZU\/zapbAGS9LPTaiKv9Ry1gMKarsrTbdnF5winwAmVhwqa89tPKzbfBk4V04yBPdDJ2DjFTLanTQ3ELGqhKqqmcvrsuHghO2d9ak1HP13ExxC0+i4+GrhqIUwyWxdjniUJlyleN+iiIaKEg6jvrVHFWrR3PUtDbo8TEacEyF96c8xXcjPVnUVrhVI++2dvqyNpMZ8ACJADw9JEE8gToopzGHlqjm36adlbvaZA10Gxs+B\/nQx7a7NeW17x1RViO2RGJOk4lHSYkzJLzAXxFd+J6icgx2JzFBiVk7job1q60ezkEMDfaRdnPXFQ8MAAFpAwAYYQTcFelLA9oFcMXaZ1+o4whLp\/a59umnbq2FWq3OKBO8zamaxT2FyU19rYZ0ZilAUrKQf46lDK+8Hxp0k3fgqsnaxCN0dCohw\/JNH9hjSMMszCDsvH6g7UTzxGxVCtADiowEAQEACew2uQQDAc0TMzu4GCnlS5Qzgmai2FDlIr6yuHqj75k4WxQ8qA6CvskecRbf1DI9baDBITgISolwC9cfOnzbJSFP+LKDved8MDt+3jHN4TLLYVmpkkTYoA1qlWzMDaUvs17YThv1FNMmlaagZcuSaMDHizlaM3P7XnJYM0O9ky+rQRcXOKg="} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":611228,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","type":38} 00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1587041693611,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00486{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":611913,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1587041693611,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} @@ -925,7 +925,7 @@ 00561{"flow_id":76,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":346651,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"EBMx8Tl2KDc3AG3ICABFAACTAABAAEAG9rzAqAEGNHJNiOyXAbs8mpdqcONWHlAYIACaAAAAFgMDAGYQAABiYQQGSN+eS\/KFb8Ri+9QZUqm\/p+HJuiNYhjvW7ADwia6h\/rnvemPZfb2xkuVwO2i1nU8wXvu\/nQ+esfQAHxFC+8JpOowtnq+be6g\/jkMwCDoJVU1CwSWklPP5ZN6DxUWuPvI="} 00417{"flow_id":76,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":431149,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoVp9AAGwGdIg0ck2IwKgBBgG77Jdw41YePJqX1VAQCATaYwAAAAAAAAAA"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":611281,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","type":38} 00963{"flow_id":64,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2659,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":96661,"pkt_caplen":459,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":459,"pkt_l4_len":425,"pkt":"KDc3AG3IEBMx8Tl2CABFAAG9NJoAAGwR1O00ck2IwKgBBg2WyeEBqR78BzFRC256ljiqGAOx7NuC0kMOISiV3n6Cx+OVY3CV14TLJWVP6sirMGK8dPJHKR+K+LulCFKJT3LCilqMdLkQQ+\/1Q0BNGLB4+UEh8DCu7cFDlpmLEL+p8+eVXA6bpMeDE+W4cFhOysPpu91TUTxZi\/SuaHB3foegEX4Nwu5HYl9vxmkfFgN8elnpYDwLX3Nhc\/1rYHbhcjJKP8OmypeFdWdeEojlTbF+idsDENwTYVc9oIqOAY9o2187d\/+gitOuPcY2u24liZKUCWhC6b4TaDA8N5aW2kPLg4cZQ5TgvwUJzFfAzJaxnjTrqL6fo337kbBSZARHmCbWw6d9dKzUJk+\/4WdiACJUTI3acWG7qcvT\/JapM2u3drPOaz2qrx4SYsAj2G+k\/e0\/eIrAkLfPaq6UFfI3g3Wf\/iGxHi9ZDhRV9HyF97akUFZ8oL1udGFlSo1L\/TLzy3JJdW3txiJCoctEiP2XectUF1XkqQ71cMA5Y872zuCRepP\/YFDkK8ohFtS4svEtTuKMBY6j4c81dG2gYLhr7ghcnqnOkc\/3KXc4"} 00444{"flow_id":64,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":97624,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2KDc3AG3ICABFAABBKVQAAEARDbDAqAEGNHJNiMnhDZYALb7kAzM3NDM4ZWNlLWQ1NmMtNDFjNy1hMTZjLTQ3M2QyM2ZjNWU3YQ=="} 00617{"flow_id":64,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2661,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":97646,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAC96aQAAEARTOPAqAEGNHJNiMnhDZYAqZXIBl3+t6o2WT+OKw\/oTFMopouEH4gbE0oRDnfWSnKbiyKA1UFShjfP9XQMr3SuktBSg1fr9\/Cv\/\/M0m+iLV\/dO3k6aT89fa6A5A3fRXT6CWOsUW+zzpL9t2NYyp4ILTyhEca0jB07mOJmmtnQSS9730zSyT7ohVjIYmPNHU1Xc22zVUEHiNv5tw+qb5rATPwWbZIu65v4RMfw\/EGgkViIlMBU="} @@ -956,7 +956,7 @@ 00516{"flow_id":80,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2679,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":406639,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00516{"flow_id":81,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":407379,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":413161,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1587041695421,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00565{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":421892,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1587041695421,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} @@ -975,7 +975,7 @@ 00552{"flow_id":79,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":586146,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00574{"flow_id":70,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":591686,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"KDc3AG3IEBMx8Tl2CABFAACgfJoAAGwR4QQ0cvqNwKgBBg2Ww2AAjP\/jARUAcEsH9LrSqS+R0AO4vj8MjjMADwAEcsZLxgASAAgAAT\/MXUduzQATAFgBAQBEIRKkQh\/ct97trf42Mk9vtYBwAAQAAAAHACAACAABLIoVYF7PgDcABAAAAAKANgAEAAAAAQAIABQu4nbMkN65GU2342ZGB1HTuyfL4oAoAASbSS9w"} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":611288,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","type":38} 00573{"flow_id":72,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2700,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":621161,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"KDc3AG3IEBMx8Tl2CABFAACgVxsAAGwRBog0cvqJwKgBBg2Ww3QAjH\/oARUAcJSaToyZriiQZEEn466yVrgADwAEcsZLxgASAAgAAT\/NXUduzQATAFgBAQBEIRKkQmuoGPY0NxeEGC0ahIBwAAQAAAAHACAACAABLIoVYF7LgDcABAAAAAKANgAEAAAAAQAIABQmkyqTHQT6T56Pujrgj0IEPNmqmoAoAATGhbwj"} 00550{"flow_id":78,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":890424,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00551{"flow_id":79,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":890513,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} @@ -988,7 +988,7 @@ 00515{"flow_id":80,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041696,"pkt_ts_usec":573676,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Vi4AADURoYhdR27NwKgBBj\/Mw2AAYGMtAQEARCESpEKyalJ26c+bCI1C0PWAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUTaPAXiqXttOIXVsgmCJWtNuFFMWAKAAEjgd9gw=="} 00515{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041696,"pkt_ts_usec":574201,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0IwoAADUR1KxdR27NwKgBBj\/Nw3QAYHcAAQEARCESpEKDWwnX0gcAJk8k2bqAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUw6PYcnYrotsM1O+VvNKE3YekJS+AKAAETRcPqA=="} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041696,"pkt_ts_usec":611304,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","type":38} 00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1587041697061,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00441{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":61972,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"} 00436{"flow_id":84,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":91344,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} @@ -1007,13 +1007,13 @@ 00674{"flow_id":84,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":161437,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"EBMx8Tl2KDc3AG3ICABFAADqAABAAEAGxefAqAEGKE+KKeyYAbtVmTggYaqK54AYEACwDQAAAQEICjCE5yIL9mY4FgMDAEYQAABCQQRk8tbv6LeIp5gvcVYSxbCbmrbJQXr2V6WVIW9RSbM5ImfOurPDyt+oH5YG9KbvRr8hl3+B0iut5oQYoLu9t8+7FAMDAAEBFgMDAGCeLHdUZZ7GAv2JeIoTdx\/rO7Ic8\/2f7pPTu1lbX1y63KilM+TATij0QmDKUBbqXyQZKpaV4t6wCKADr7Wj93PHQ5b6xqlbnJHh6TgWE9tCVuUaVY+AeAvLTWQIHeMynf4="} 00575{"flow_id":84,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2746,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":192237,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfX+tAAG4GOEcoT4opwKgBBgG77JhhqornVZk41oAYBARoXwAAAQEICgv2Zn4whOciFAMDAAEBFgMDAGCBuVC\/T2rq99KYQBtaZ6auSviulGhAjILc6MEt1qo75gJZV6zYvdzGwYkgsi33Sttx+cXsDaengjJqcN\/wUT3dgs+mfVctteiVd4mK5Y808w0Xtsmk3O3+43rDaBw\/1Ys="} 00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":412826,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00158{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","type":34969} +00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","type":34969} 00781{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2754,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":427096,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETJAAEARZ9\/AqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANGFbXcAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00546{"flow_id":80,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2755,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":540741,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"KDc3AG3IEBMx8Tl2CABFAACKzoQAADURKRxdR27NwKgBBj\/Mw2AAdvoBgMkACwAAdOzKWqyy7khbuMy2CPAOdSlm9vfV\/zA8Fjk6DoSrzk1YoR3CjL6fRwBFxfILywlH\/e+ZsaLsnUb0kk1pdZ8vvvffelHLEDAb56eIg0Fd5N31Iq33qt+Cl3MrgAAAALb8aZ7glFC0uQE="} 00543{"flow_id":80,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2756,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":591500,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"pkt":"KDc3AG3IEBMx8Tl2CABFAACI1P8AADURIqNdR27NwKgBBj\/Mw2AAdIEuAAEAWCESpELLiCydeYhToi1VX7EABgAJRlkzMjpvNS9JAAAAgHAABAAAAAcAJAAEbv\/9\/oApAAgAAH\/tXgWOAIAzAACANwAEAAAAAgAIABT7q3YVkpLtqIBDQ4idBK1C1vp3woAoAASNt2uk"} 00456{"flow_id":81,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2760,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":604150,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"EBMx8Tl2KDc3AG3ICABFAABKHYAAAEARz2DAqAEGXUduzcN0P80ANmsVj84ABwAA5ltKwaXSuIo5xp1Mj3jnyAE4NEe2i8T7sf+AAAAAGmJ5GWX+DBatLA=="} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":611318,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","type":38} +00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","type":38} 00648{"flow_id":71,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2762,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":617344,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 00444{"flow_id":80,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":617788,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC4dsAAEARCw3AqAEGXUduzcNgP8wALqScgMkABQAA5looGQQtzyCqRiLs2mAILrHggAAAAIzs+vyI2S6eRnE="} 02044{"flow_id":80,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2764,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":617801,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"pkt":"EBMx8Tl2KDc3AG3ICABFAATab+wAAEAReGTAqAEGXUduzcNgP8wExulzgMkBKwAA5lpsDx4xU6SHE\/lu1cbeWFc6naonT4JAuuoZuxzI2sow1YFjz\/bN9xje4nS4yGtK00hDpzDL30dBZsmDCgne5kA+GN7AB2rifeH85TWum9Ym\/tooPmTKi3RcSOyfHYutcmofKWKT6s5HQ0fhH3Z6TEwNM2mVI03jCxYraV2r9+r5vX2roR9dDhYZCtVYnoe2G94imh042ouKgMpu\/PMbneFIAUoIzKFlb4+KVdOQi9CqtSXinHYzN36ema5KYQpc1KyqvWCh55IReBkkf6eXTLqqSI6dTY6hZFgWciY5RYQ99JlURiHAJmhbQCRd7pQy9wAMJ3Dnv7MNtqksN+FOQwHUroTwANyMahHw5ah6ol+IhGg0tCOZU15M2KXffB2FHYXsLZhb9DdAb2qruuCuBo5bKggCZkeu6pQBS89aR5KgMU6ytD3htUIcxm7sAn89EmzHwqHEosUqx7BKyXmBTAXIz8JPiWv4VXpinCTtxDlo4SXifwylOdC+0SNYYJkWZzihLlaFHygFs2vHgi0K9WD\/oXvHIXSuuSTK2uxSj1jG8bJL2ykEEIxDyRFtdGh\/ZE+wftE\/mQ9YXajIN01\/z5xd2TdxJ0XFoYpjBA9wx2VkHjJOrAnh+sS74cNKz4juprWtOva9feBFvVQ2uTErBycBhDWnXY7mNb758ZVjfw29b82kC6yxlDX8dlXihl5NMKEZ\/fCkQXLDgFAGqlpUrD4YEvyEhCkoLyVGJNr5DnFltRPr75k4W1UHlJ4hsnM96fngXx1PRBKQxtntySydf\/gewnTwKpCJ8\/juYQd2cFLFENXsYY0fwFh2HyqUUXe8HKSkkeqSwdNLCW4SXakZRfCCfmRstuKJ+gtEoyR0bBA7yiN7oxZy0k\/tJgXCtVHO+dYMPxJ8U+Zf\/ERaIb9VcqVayqmjK7lYUYQlzr5xtjIN\/y0BnFwqnCVWK017RciqG4gAJJWDvcipvgXrLv+WM7\/tYsOzW\/qf5M22Wa\/bJs6LLzWeKJU7KuB3je3ekpHAgCGd6vhl4mmLHuyOJ2bQjGOBKgDEP+8zAn\/xVpFQp4pSUFWWTAOYY86A9jXXifGlGdfKSBIRj\/N7atpZUjpXIWN\/lbvz5PUw4ARDgWv2vNavHz0cekm1PzRbGRDiPVIF7xSamOQ8dimSWFLS7fiHfvE9z+Tn\/yKWVVYf5xtDBW8FR2DNl8k7005dCen26fidZ7EVGcXBoxCWAAl1+Gq23N9F9uql\/K43EHmfqI5N8AkOMCeCNZ3pAxfN0oPKGpjfR5ccfWU1eot6BRyBYU07SODDhNtU1JtVCI53CZfa64aKe13fJU4CW+tdR9bUMGuyvOtjXg\/1K9e3w6ZaYqdgp1xWudLj0ck5PlQ74yF50ptQb375kNBzIJn1Hbj013yqUM5\/A7z2NgaYTw1hPuYNkfagxRT1lhzj\/sbPqPshs89+pGA6B9WlovHvPUJG9OLlaXw4YEkUlGuNBUMdBG15ZKU2BXf0h+ZSUw79WtohyoMCIfVTG+ydvas7vDDIrwS3noXqCCRMOk26U0AffjXMPbLbB8QQLVPEQD1SOSr+39h6G5W1ha3VeQ4FgAAAAeAuqGnJ7B5kI8U="} |