diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-04-09 14:33:34 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2021-04-09 14:43:28 +0200 |
| commit | ba586e1ecf848937a612cf35bed6275578dad088 (patch) | |
| tree | 954884ee118dcb05ff17a61165ecaf853b37a387 /test/results/teams.pcap.out | |
| parent | 4e583cd4dedd6467f300eea5947a4f6bb2c036f2 (diff) | |
nDPId-test: mimic full nDPId lifecycle
* generate DAEMON_EVENT_INIT as well as DAEMON_EVENT_SHUTDOWN
* process remaining flows before shutdown (and generate events)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/teams.pcap.out')
| -rw-r--r-- | test/results/teams.pcap.out | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out index 33cdc18f4..dd51fb57f 100644 --- a/test/results/teams.pcap.out +++ b/test/results/teams.pcap.out @@ -1,3 +1,4 @@ +00382{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teams.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255} 00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00777{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041672,"pkt_ts_usec":419153,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}} @@ -1031,3 +1032,88 @@ 02051{"flow_id":80,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2776,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":676447,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"pkt":"KDc3AG3IEBMx8Tl2CABFAATa6dkAADURCXddR27NwKgBBj\/Mw2AExilggMkBKwAAdOzsa5K8UoqAgMkd6DyrDFM5Z5ls+wHmur1BhbBuUi5o3AHNCpvPNXoPapE6jrC+JzT+SZK8D06h9KkWZnNZ0to+rDxXAL8qfeNCyQf8VSQ0AntLdH\/K59E3hXZoxKxbgv5xmpBpN4h1DRb9ss3Zw9lHvXc\/zsARlFA3rTxVvmG8JuxQyZ11l2MiBj9O9PdNIgqmQ1X\/t8VvsmcP+oaVyL3Rye4vON7N9\/i3GQfK6jefXyT1F\/FReir67ocbsdrX4arGdGCd4Z7JejYiBJDSTjGNHiAnz7fAVLR2qqJL4\/Sd8X8dQV+r3yS+02htPEKHVN9cxfg\/OrSm57mPr52PrYaZ7ojRC3fnjoDXQu9PKKdBMNxw2ArNdoz0fpib6VWO\/EXu8gg09eqHwBEubXujZe+W8VKaLv\/4JLWNuhjLYaYTayQdmWDR\/ghya9BFOZMgbQTqjCeK5p0rW7VJ84jhVQ0JrJEtvM7SR3GN6Aksfur8vluQMNljEf0pe4ZXLIkwKxbUw2XInUe\/MrWGHIrq72jgjiaeuCLdP9pTVb23+PswDjwfr24AhxZxhkjRbp5SqjFwht1aWh0EXq3HsBzNii+irNEd6Pb7dvdE\/xlAVPTYMjZRBlTGv7elYyfGxw9YcKOu\/mcnyL2wusZdMc\/2lW0e\/\/s70KlhN4cSdg9+68j9qKCKCjrk5ts8OacUCq6sdwpP93U\/vaeEBHyR47Tzyfv1Jimai1ElwYHqr9C4C5ZMSfglAU97+eT9jCQG6NLM4gCbt+557epmUASqswbBeTk\/nN5weW6zTNPFW2iB9hYQxGa1WOY2dnVWQ06fxh08sjwfySpW5jTPNnpJa+ebIDJ1gmhlQom6TSavGEaLMnUlBSh40YzBoSITQ6\/hPa6QMANwcufrSnM9lfVHtQcxEQUmXywUAOQss+xImJic9lANftI7cg53ol9psrYwRvwIP6sJl9ct990QvLyQHF0+BGcKIQaVCLLS8z5Vq7PNqxYl0pZXe6VJ4fVCVoUBgYAs5oSxFmGHh5UnV7TXlPgZfuAWfZR70M3xVymqw6DLqU25r\/DNfjLFP37YjFuvJEGlAsHex+mfPYAR1UcKjdn3O1LchDrKOblh1YKg7ZVE7mAzkAi\/1nM3ZZfXZ7nGnqyWZEE6SeX9J8d557nRzBbgKQfX8b6QyIipZQHaKYLT1uCeQuHhoeOi9nka4DyXixxciPGXsP3CYn8rMacQg+2nCZtkAzyP643oGuCmv4OoP\/dPKqpk\/G67Lpw5G55kJ0UbCgi6jUrG7bVFWMuv8L\/JEjEuNlGyMphzfPfmlXefF647EGhTXLymFznu95xGlhre0omC5\/AvhztRX7vR8nN372CvUepGLo\/oMN5Jb6zz2V8i2oXn8NMp5kLbZxjRl0ZjFk3uRvayyWBSNvfY\/nxbVl9cjJOWlDhjRo0LH5FrIx+L08J\/U01uek5LCClDUdc9KzE1t7PZL1\/sNf+f1xp5CANozF\/uu+\/QNRdgulBTdfDW6IKj8XEvdzIHuOEs9UL2y8mbR7h1NTWsZfYTDiwy11ObRF6CUkaZP08bUDvAfGLcVYzBXFUCQZOJgAAAAg7rLYYXyWxwhDw="} 00592{"flow_id":72,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":713165,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"KDc3AG3IEBMx8Tl2CABFAACtVxwAAGwRBno0cvqJwKgBBg2Ww3QAmStwAQMAfSESpEKq36JSlpzO4UFUsSMADwAEcsZLxgANAAQAAAAAAAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAIACBb+0dO7XG7sUjMCcGQZhDcW3hrI\/E2Bu3cGSpxYdsKow=="} 00594{"flow_id":73,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2785,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":714311,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"KDc3AG3IEBMx8Tl2CABFAACtVx0AAGwRBnk0cvqJwKgBBg2Ww3UAmdF8AQMAfSESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxgANAAQAAAAAAAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAIACDm9keelgh3gAU1t68wEkZCoxEf5LkRAoAG52M5NOQtKg=="} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_tot_l4_data_len":7466,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_tot_l4_data_len":7582,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_tot_l4_data_len":7530,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00455{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_tot_l4_data_len":7994,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_tot_l4_data_len":13457,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_tot_l4_data_len":776162,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":597,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_tot_l4_data_len":9810,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_tot_l4_data_len":31500,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":605,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_tot_l4_data_len":8660,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_tot_l4_data_len":600,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_tot_l4_data_len":10410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":61,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_tot_l4_data_len":600,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":69,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":53,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":46,"flow_max_l4_data_len":148,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_tot_l4_data_len":62529,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":812,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_tot_l4_data_len":21202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":623,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_tot_l4_data_len":12901,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_tot_l4_data_len":8326,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_tot_l4_data_len":8282,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":59,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_tot_l4_data_len":12988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":541,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_tot_l4_data_len":11276,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":106,"flow_first_seen":1587041682420,"flow_last_seen":1587041683086,"flow_tot_l4_data_len":89754,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":846,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":37,"flow_first_seen":1587041682423,"flow_last_seen":1587041692106,"flow_tot_l4_data_len":10500,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_tot_l4_data_len":16124,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":194,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_tot_l4_data_len":11564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_tot_l4_data_len":16494,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":568,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_tot_l4_data_len":9376,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_tot_l4_data_len":10437,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":417,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_tot_l4_data_len":12708,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_tot_l4_data_len":19902,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":603,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_tot_l4_data_len":23569,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_tot_l4_data_len":11237,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":340,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_tot_l4_data_len":8848,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_tot_l4_data_len":1722,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":28,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}} +00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":28,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":46,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_tot_l4_data_len":15603,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":59,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_tot_l4_data_len":3592,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1258,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_tot_l4_data_len":4664,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1257,"flow_avg_l4_data_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":58,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_tot_l4_data_len":12691,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1209,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Skype","breed":"Acceptable","category":"VoIP"}} +00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_tot_l4_data_len":12691,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1209,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_tot_l4_data_len":213,"flow_min_l4_data_len":66,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":32,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":32,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":52,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_tot_l4_data_len":7878,"flow_min_l4_data_len":46,"flow_max_l4_data_len":1222,"flow_avg_l4_data_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_tot_l4_data_len":776,"flow_min_l4_data_len":54,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":69,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":62,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":75,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_tot_l4_data_len":9564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":597,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_tot_l4_data_len":9564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":597,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":49,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_tot_l4_data_len":1470,"flow_min_l4_data_len":140,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_tot_l4_data_len":432,"flow_min_l4_data_len":76,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":108,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_tot_l4_data_len":1001,"flow_min_l4_data_len":76,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_tot_l4_data_len":1817,"flow_min_l4_data_len":140,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_tot_l4_data_len":432,"flow_min_l4_data_len":76,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_tot_l4_data_len":1001,"flow_min_l4_data_len":76,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":108,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":49,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_tot_l4_data_len":9285,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_tot_l4_data_len":11055,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_tot_l4_data_len":11027,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_tot_l4_data_len":1230,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1122,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_tot_l4_data_len":1230,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1122,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":44,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_tot_l4_data_len":9656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":459,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_tot_l4_data_len":9672,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":460,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":56,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":55,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":59,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":69,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":66,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_tot_l4_data_len":10405,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":61,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test"} |