bump libnDPI to 0b3f8ed849cdf9971224c49a3958f0904a2bbbb5

* README/nDPId: fixed typ0 Signed-off-by: lns <matzeton@googlemail.com>
author: lns <matzeton@googlemail.com> 2022-06-06 00:31:59 +0200
committer: lns <matzeton@googlemail.com> 2022-06-06 00:34:13 +0200
commit: 3caf7727fd65e32e88d6e9153824b2dde68ade91 (patch)
tree: 952a939fd2ebc6252621719882d851e6b297114c /test/results/whatsapp_login_call.pcap.out
parent: f5b002141300df8fcfe48ebcbd697c9227815559 (diff)
1 files changed, 16 insertions, 16 deletions
diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out
index bc3f45006..76c68232e 100644
--- a/test/results/whatsapp_login_call.pcap.out
+++ b/test/results/whatsapp_login_call.pcap.out
@@ -3,6 +3,7 @@
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582222253,"flow_last_seen":1432582222253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582222253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582222253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222253,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432582222267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1432582222267,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582222253,"flow_last_seen":1432582222267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":1,"thread_ts_msec":1432582222267,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432582222410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222410,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0e5UAAC8G15ARrGRGwKgCBAPhwC9SU4\/IiD0hRoAQAJuGIAAAAQEIChCVDjkt+hrr"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582223075,"flow_last_seen":1432582223075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582223075,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432582223075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223075,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoimtAAEAGmaXAqAIEEZpCecAOAbvaSAv6foHOKFARQABkXQAA"}
@@ -23,6 +24,7 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582224238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224238,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0pWwAADkGNJ9duodSwKgCBABQwBXhXSkWroZu\/IARAeZAKgAAAQEIClj4+ywt+iJ3"}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432582224240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224240,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA06DdAAEAGqtPAqAIEXbqHUsAVAFCuhm784V0pF4AQIEUhrwAAAQEICi36IpNY+Pss"}
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432582224258,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1432582224258,"pkt":"APS5Jrv0xiwDYGpkCABFAACJJDcAADkG7nUXMpTkwKgCBAG7wBTRmfKoS8+iLoAYAghwjQAAAQEIChFecist+iKKFQMDAFAv7dNuXnOpK1CdvNYEt52MdeH58dywqIMfN+GfFSQKoHdGcEPHPIYnDd6I8bRCtU0lSoikjPCdTCArNmgRywMWXqpqGQcfgITTy3erXmajWw=="}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582224230,"flow_last_seen":1432582224258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":42,"midstream":1,"thread_ts_msec":1432582224258,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582224259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224259,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JDgAADkG7skXMpTkwKgCBAG7wBTRmfL9S8+iLoARAgi9fgAAAQEIChFecist+iKK"}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432582224263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224263,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UnIAADkGPNoFsioawKgCBABQwBZ503WfeS7N5oARAeY3ugAAAQEICmSSnpkt+iKP"}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432582224264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224264,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0QQVAAEAGB0fAqAIEBbIqGsAWAFB5Ls3medN1oIAQIFAZNgAAAQEICi36Iqlkkp6Z"}
@@ -164,10 +166,10 @@
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1432582250618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250618,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1432582258587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258587,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="}
-00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1432582258730,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258730,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIG0oAAEARj7DAqAIEW\/2wQck+JIAANKXrAAEAGCESpELdaIZ9jcVOA62tiygACAAUhE7qa\/gs1xldMnASKkUclFJWums="}
-00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1432582258815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258815,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="}
 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1432582258825,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582258825,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1432582259254,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582259254,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="}
@@ -246,10 +248,10 @@
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1432582296565,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582296565,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4sAAFMRJqEfDU\/AwKgCBA2WzjoANNk2AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE58="}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1432582303186,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303186,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI\/ugAAEARW8\/AqAIEAcJav846yg8ANOnpAAEAGCESpEL3EVgs34UDSm8ZSi0ACAAUBo8N2M5l\/vTJutWmGJeHW1ycL5M="}
-00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1432582303300,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303300,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIibwAAEARIT7AqAIEW\/2wQc46JcEANNm\/AAEAGCESpEJqJ0QlQ7N3HdICmh0ACAAUdy+mbVoXRYBrOj7VSucZjRXX5oc="}
-00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1432582303604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303604,"pkt":"APS5Jrv0xiwDYGpkCABFAABI2uIAAC8R4ddb\/bBBwKgCBCXBzjoANGAJAAEAGCESpEIU61RZ3ZsVVlL2qyQACAAUqmIWy0WW07d7nJ5APIsHCVUVL7g="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1432582303607,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303607,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbOUAAEARPhXAqAIEW\/2wQc46JcEANIk8AQEAGCESpEIU61RZ3ZsVVlL2qyQACAAU6CFWVCyx0lHi4kItE160ER18SxI="}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1432582303831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303831,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIdWcAAEAR5VDAqAIEAcJav846yg8ANHIiAAEAGCESpEJT9nMzid0wAn5OIFYACAAUj7UY3ZixJKF1uir6vHE5QBib28w="}
@@ -278,7 +280,6 @@
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -293,8 +294,7 @@
 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}}
-00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
@@ -314,15 +314,15 @@
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00849{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00848{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
 00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
@@ -342,21 +342,21 @@
 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-data-len":132660,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":35,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_msec":1432582361929}
+00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-data-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_msec":1432582361929}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1253/1251
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 132660 bytes
-~~ total detected protocols..: 35
+~~ total detected protocols..: 37
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5214459 bytes
-~~ total memory freed........: 5214459 bytes
-~~ total allocations/frees...: 114746/114746
+~~ total memory allocated....: 5989039 bytes
+~~ total memory freed........: 5989039 bytes
+~~ total allocations/frees...: 119521/119521
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 2437 chars
author	lns <matzeton@googlemail.com>	2022-06-06 00:31:59 +0200
committer	lns <matzeton@googlemail.com>	2022-06-06 00:34:13 +0200
commit	3caf7727fd65e32e88d6e9153824b2dde68ade91 (patch)
tree	952a939fd2ebc6252621719882d851e6b297114c /test/results/whatsapp_login_call.pcap.out
parent	f5b002141300df8fcfe48ebcbd697c9227815559 (diff)