author | Toni Uhlig <matzeton@googlemail.com> | 2022-06-19 23:29:26 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-06-19 23:29:26 +0200 |
commit | a80b6d727186a59d745b001ad43cfb7a2c0b53d0 (patch) | |
tree | c19c6e068fc78991217a84aa50460c74d2080d5f /test/results | |
parent | cdaeb1632e749c7f973795e1b74011f501c9f66e (diff) |
bump libnDPI to c287eb835b537ce64d9293a52ca13e670b6d3b0d
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results')
336 files changed, 2677 insertions, 1213 deletions
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out
index bd14ed8ac..f1722e34b 100644
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -48,12 +48,12 @@ 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1470104377734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1470104377753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1470104377753,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="} 
-00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}} +00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1470104377820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1470104377820,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1470104377839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104377839,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1470104377839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104377839,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
@@ -91,22 +91,22 @@ 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1470104378901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1470104378905,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378905,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"} 
-00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}} +00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1470104378954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378954,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}} +00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": 
{"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1470104379066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1470104379066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1470104379115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1470104379115,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}} 
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
@@ -137,12 +137,12 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"} -00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, 
like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379271,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
@@ -159,9 +159,9 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"} 
-00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}} +00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 
@@ -543,168 +543,556 @@ 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1470104432728,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104432728,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDUAAAER8\/DAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1470104433649,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104433649,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00621{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00606{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104382448,"flow_last_seen":1470104427503,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104391564,"flow_last_seen":1470104422179,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":650,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"}} 
-00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}} 
-00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1439,"packets-processed":1439,"total-skipped-flows":0,"total-l4-data-len":552863,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":109,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":129,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":695,"global_ts_msec":1470104433789} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1440,"packets-processed":1439,"total-skipped-flows":0,"total-l4-data-len":552863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":0,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":546,"global_ts_msec":1654385119050} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119050,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119050,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1654385119050,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119050,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119050,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1654385119358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1654385119358,"pkt":"nLbQ0+MztKXvZygQCABFAADxLm1AADYGSK+saF1cwKgCfgTS7iKfF2Naesk4goAYAfnUtgAAAQEICryhqPBm1jWvSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IFMxR1lPY3ZzV3BRa0lpb3FkaEFpMENndkJhdz0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119973,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119973,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1654385119973,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOd7pAAEAG9ATAqAJ+rGhdXO4sBNI37f0u8ShzhYAYAfbPKwAAAQEICmbWOUq8oasmR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE4IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBhVXMza2VlelV1aUhuMFlucmFuaTl3PT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119973,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119973,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385118","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1654385120216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1654385120216,"pkt":"nLbQ0+MztKXvZygQCABFAADxBX1AADYGcZ+saF1cwKgCfgTS7izxKHOFN+3\/SIAYAflO7QAAAQEICryhrIhm1jlKSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IEtVa3drYTlicGVRVFVqNFdjZnNKekJpSXRUST0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385120896,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385120896,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1654385120896,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOiDpAAEAG44TAqAJ+rGhdXO44BNLYsfEUYaCrMIAYAfbPKwAAAQEICmbWPOa8oa7yR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE5IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBYdjJmVTdzaEsrRDdBNVAvMW5FQ3p3PT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385120896,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385120896,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385119","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1654385121164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1654385121164,"pkt":"nLbQ0+MztKXvZygQCABFAADxUyNAADUGJPmsaF1cwKgCfgTS7jhhoKsw2LHzLoAYAfl7JgAAAQEICryhsD9m1jzmSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IC9xNHA4dFI0THBxMFc5OUR5YXRzaEViNXM0UT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127244,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1654385127244,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1654385127244,"pkt":"tKXvZygQnLbQ0+MzCABFAADRE9lAAEAGtJXAqAJ+oXUNHbh+AFDtitlbh1f3JIAYAfZyfAAAAQEICrrF4XWXEOLhR0VUIC9hcGkuZG9tYWluLmNvbmYgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBrYW5rYW4uMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127244,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1654385127244,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"kankan.1kxun.mobi","url":"kankan.1kxun.mobi\/api.domain.conf","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127293,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":270,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1654385127293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1654385127293,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127293,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":270,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1654385127293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"cgi.connect.qq.com","url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}} +00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1654385127425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_msec":1654385127425,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"} 
+01075{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1654385127488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_msec":1654385127488,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\/Huq0ADq7I1AYAHt3UAAASFRUUC8xLjEgMzAyIE1vdmVkIFRlbXBvcmFyaWx5DQpTZXJ2ZXI6IHN0Z3cNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MjcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDEzNw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTG9jYXRpb246IGh0dHBzOi8vY2dpLmNvbm5lY3QucXEuY29tL3FxY29ubmVjdG9wZW4vb3BlbmFwaS9wb2xpY3lfY29uZj9zdGF0dXNfb3M9MTEmc3RhdHVzX3ZlcnNpb249MzAmc3RhdHVzX21hY2hpbmU9c2RrX2dwaG9uZV94ODYmc2RrcD1hJnNka3Y9My4xLjAubGl0ZSZhcHBpZD0xMDAyNTgxMzUNCg0KPGh0bWw+DQo8aGVhZD48dGl0bGU+MzAyIEZvdW5kPC90aXRsZT48L2hlYWQ+DQo8Ym9keT4NCjxjZW50ZXI+PGgxPjMwMiBGb3VuZDwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5zdGd3PC9jZW50ZXI+DQo8L2JvZHk+DQo8L2h0bWw+DQo="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":880,"flow_max_l4_payload_len":880,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":880,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1654385128878,"pkt":"tKXvZygQnLbQ0+MzCABFAAOkVoFAAEAGbxrAqAJ+oXUNHbiOAFDYbv67IGDcx4AYAfZ1TwAAAQEICrrF59eXEOkaR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvaG9tZVBhZ2VWaWRlb0NvbGxlY3Rpb25zL0hvbWVQYWdlQmFubmVycz9fYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDoga2Fua2FuLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":880,"flow_max_l4_payload_len":880,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":880,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/homePageVideoCollections\/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":871,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":871,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":937,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":937,"pkt_l4_len":903,"thread_ts_msec":1654385128878,"pkt":"tKXvZygQnLbQ0+MzCABFAAObJTNAAEAGoHHAqAJ+oXUNHbieAFDTi3nFmPV9m4AYAfZ1RgAAAQEICrrF59eXEOkZR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvbWVzc2FnZXM\/bWluX2lkPTAmYWNjZXNzX3Rva2VuPSZfYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDoga2Fua2FuLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":871,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":871,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00621{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00606{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104382448,"flow_last_seen":1470104427503,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104391564,"flow_last_seen":1470104422179,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":650,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} 
+00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} 
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +01562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":883,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":883,"pkt_l4_len":849,"thread_ts_msec":1654385129190,"pkt":"nLbQ0+MztKXvZygQCABFAANllGFAADQGPXmhdQ0dwKgCfgBQuJ6Y9X2b04t9LIAYAPA7ygAAAQEICpcQ6fy6xefXSFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyOCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sDQpDb250ZW50LUxlbmd0aDogMTkxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMb2NhdGlvbjogaHR0cDovL21lc3NhZ2VzLjFreHVuLm1vYmkvYXBpL21lc3NhZ2VzL2xpc3RGb3JZaW5nc2hpP2NsaWVudC11aWQ9ZTZkYmQzMGItM2I4NC00NGI0LTk3NTEtNjMxMTQ4YTNlZGU5Jm1pbl9pZD0wJmFjY2Vzc190b2tlbj0mX2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmX3VkaWQ9ZTZkYmQzMGItM2I4NC00NGI0LTk3NTEtNjMxMTQ4YTNlZGU5JiZfY291bnRyeT1VUyZfbG9jYWxlPWVuJl89MTY1NDM4NTEyNQ0K
DQo8aHRtbD4NCjxoZWFkPjx0aXRsZT4zMDEgTW92ZWQgUGVybWFuZW50bHk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjMwMSBNb3ZlZCBQZXJtYW5lbnRseTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5vcGVucmVzdHkvMS4xMy42LjE8L2NlbnRlcj4NCjwvYm9keT4NCjwvaHRtbD4NCg=="} +04185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2812,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2812,"pkt_l4_len":2778,"thread_ts_msec":1654385129190,"pkt":"nLbQ0+MztKXvZygQCABFAAruNTxAADQGlRWhdQ0dwKgCfgBQuI4gYNzH2G8CK4AYAPB8mQAAAQEICpcQ6mm6xefXSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PXV0Zi04DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KWC1Qb3dlcmVkLUJ5OiBQSFAvNy4xLjE3DQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjljNg0KH4sIAAAAAAAAA+WcXWskWRnHv0sucjWVnOc57wNBBFH2bu7N0JzXTDtJOqQ74y7LgDciKAgquyBeeCfCgrh3guvHmXX9Fv4rdnUCybBT6ToIUzCEdDKdf5+qXz3neT2fH6w3YXOzPnh+sL5JqazXB88ONsuLgh9fXB08J6OVdJrYPzvIYRMOnv\/084Nlxi+eHVyGi4L3ffvbv3735V\/wtqvVelOu8aeG\/yKeHSzXi4D\/XcP5uuDVRTgri6uweYX3vdpsrp6fHp8eXy3TEb3+9ObyKK0uTo\/fLHNZLV6HS\/w7Pb59y\/r0+Lqcl7Au+I49nR5rL2QXWHAIKpoiZWDJKmpvDRGzcMpaOvrZ1Rk+13XZLC\/D4v8jvrwKeWppMiEI8ilFp4TTOrKw1gjnrDdkndmuO50v0+vFzfU5Lvb1zeXuem8v5VFcnvW39P61T\/cu7w8OF8vLRbi6OvnfvThc3ORlPikmxyxF7CTUO6Wi6rzV1BlJpFyQJRd\/uHhzwkfuiI\/oELc7vcZtP8HNPVqncll+Hj47Gv7kxSqX85N1fr04u3q1uiyLT505XKzenBDeGa\/DZT75yWp1dl4OF\/j+erXExcwn0Rd2WLLUKrP2+OVZwI91SCaIWjuXyXXKxtQFL7hjR5yqSKypHG5Odky7nvVrfLzF5rMroExvn23h1qYRuuL0GB+bOwFgiwvs8HwZxaIkQ7m4qCzWYKpugu5I8SnR3UkrbVKsjq3VNjuncRWSsdlQLeyz3BPdrcyM0VW6DbnOw+iSVR3l7IurMgBfp4XwFCmbYAVTAc2pBbljxSckdyftTNYSa\/TeWoEnNVjy0ojINeT+1X7kDjIzJpcEfIwG\/gIRrEJnqIfTKqtM4lh9imQrvlDBS1jkBtiOEn6ILDan+zv4B27ft6IknRBzROnlsINj\/966p
\/\/54z\/e\/fpXj7inLFr5p+b0WFlBXSGVhXKUXI2wloqt1yFGuGkpB84tmGM\/UvwhdzvQRvvlg7QMVHUMmfDM+aQUQoj+6dOqKCOUUvuZymGFHz\/f\/n3+qbNNLCV7bPIgV3VaELznnEJKglOSoSonZcpUsuXgagNrOVp8SnKHdVchVBBS2KCrd5KTyMJh3SWT0DIPbvl9uzwmstrKzJncVoGVuyVXdrhfNXOMOinY2upzciVKn4VU3qnUxuaOFJ+S3EHaah10ccXaKr0UQiL\/YaV12HZ0SWF4Yp9K7lZmzuS6RjZX35IrOhaZTZIccyUVkddxqoSQk0JYVZIKTWzuSPEpyR2kvRMxJa6pwj2w2iM9g4xjikkJhFe0r7ewlZkzudyIXHtLLnfZKgqOmWqNiK8QXLlAJgebKnIC3CYPO1J8SnIHaR9sjBmuEhlKwnukQLXOpFKfDxA07DVPtblbmTmSu4vjSN4Fcn\/+w+OBHNk2ToUUt7seyU5lVbSKpXBkDZNUkedGnjaTtARPcXALpyw0jBafDvA76QRbLIRR2URVWcsiatEmC+0KB2H9XoHcTmaOgG8LDb4VubehOInOcVLMRlXZx3MmpeSMo1itTSpF04bckeJTkjtIB5uly4hdLb5jV+BQ2KicqLGyCn7Ykp5mmqXYysyZ3DYpCITevVNBSJ5FFBJJWVM0\/EASyhZlHWIaYcGzKw3c4dHiU5I7rNvYSCIwV8lGiByV1CZEKkpaVZBB3NPmbmXmSO7OqYA\/PCSH\/\/TPd\/\/6+pHkMBk4Hg2KEVIy+HZedZH6xEQmhHs+CoEami5VoJ0hoapWaKgnTepTjBWfkO+dNMskVF81833ngsqOnUBumFDHj8WGuB\/fg8wc+d76FA6tOU3IRdsNyEWKzUvFQYpiQkLMpxKKaUJTRZMFRfDbwjLLkeJTkjtIhwCzHBDb1pJ1qOi1KeQsHCqKtlIadqQn+hTDCmdMrm3TuyAlCsAgl7qAKhQ49UEoklGQYrxGkgIFfckiDI1T09rckeJTkjtIV1ctkmpJo9PIuEQiG4tHFYFd8VkZt6fN3crMkdw7nwLF5KEh8puv\/v3FV486FY0qzgp3oJPwKjxSb2xICYocjGarUYqNpRqnWoR6PEb4Idi4RPeN5a7w\/D0Nir0owSvmOQK361BsVI4wqFF2kbNURGBHBOvJes8AyGr0mMJoWNFgh+cxwpOh1IuiWYbsnFEybRxGtr1Vcja6gIyhYC7BRYFSgTAeyVMuse8rb4HSGOGHKO3M0Af1v7xaXZQXaG\/+ZFMu1j9eXb\/ou5gBlaHukxc\/\/FHnInxFL7LUVqCnQEcn0E1gScmCH5XHtt7dB\/geO9gvk6SRas7w6jZNg2zh9XdwEgO2T8HIQVlGhBqwqwZjbCi+km5Skh0j\/BDeJ26pvShmPFjPEaWdD0dgaUgMffn1d3\/7xWM+nG6UGDIKwAUk+BKaBqOrTFKwR9NRyDZZGAt0Yw1p60kDlDHCUwEne1Ficn6OwA0+nGuFEnoeULeTyDEilRxLVD57YauXmuHs1KwULBkK9Q02X2lGik+H1FZ4zkRp1Sb3Z1DwwuOKFAqaQRNcmegBGJrpk65SYv5MUULLjrQttkQ5Wn06poZ1zxGq3b6IUt92W3z3my++\/ebR1IZok7tT3D\/V1mCIz5OUqmCEQ7IUMjMabZDKwxevK5mhbjDl1jha\/CF3O1\/+g4KJuyHXO+kQTES8hCfNx5or2jAQQChMWVqHSpEfAqj7iZQPb0neyXz8fL9\/2FO0acLAuMcturIrSnj0CsWig0PaOWDSMaGbCH3mcO3QRdRgGx4tPiW6w7o1C0zdpoxuIU7FGFcVWczAlISqNschI\/lUdLcyc0aX2ySUURe5Rdd2psaIYi1hnqxmJGzQoqtDCV5plBHyzvpMa3VHik+J7iCNwY8UseMYjCcn5NMxZh5SyTWghYoxtrx9ZJ+K7l
ZmzuiqNllHxWjahMOgu4SjAHAoBOIeRVribAj0z9RK8Fd1tlHkJlZ3pPiU6A7S2XqXhNUYBUTBr2YhHDwkHTX5mLDn7InuVmaO6O4cYr7rIHr399+9++XvH0kUsWpToZG6nyLzznTwHVDmY19Q1U0BhW30JODe4wCUhG4aNXiGU9rm0eLTAX4njYFadN33z3HJ8P6VZrQkw1y7EByFPd2KnczHD\/h7x0vJN2rulLfoYjIaOU6HOVNM5MGxwN6KUxUURtdQGUJ7stMtbLMcKz4hunfSyWj0Csn+zAFPWLFChtdK+Fg4VQOnaOxlm3crnDG6rNsMO0kpb3uIcKxQKDjrBFW3IkvyyHiZWjN2W0xfBoUzmRq4FaPFp0R3WLfxxohqskQ1QpBkbyUOm6o4CgbRHKZO90R3KzNHdF++ffn2v6mfUJ+ITQAADQowDQoNCg=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129449,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"flow_min_l4_payload_len":916,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":916,"midstream":1,"thread_ts_msec":1654385129449,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":982,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":982,"pkt_l4_len":948,"thread_ts_msec":1654385129449,"pkt":"tKXvZygQnLbQ0+MzCABFAAPIWPdAAEAGbIDAqAJ+oXUNHbioAFBarhYgKPds64AYAfZ1cwAAAQEICrrF6hOXEOt4R0VUIC9hcGkvbWVzc2FnZXMvbGlzdEZvcllpbmdzaGk\/Y2xpZW50LXVpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmbWluX2lkPTAmYWNjZXNzX3Rva2VuPSZfYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDogbWVzc2FnZXMuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01196{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129449,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"flow_min_l4_payload_len":916,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":916,"midstream":1,"thread_ts_msec":1654385129449,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"messages.1kxun.mobi","url":"messages.1kxun.mobi\/api\/messages\/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129508,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1654385129508,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1654385129508,"pkt":"tKXvZygQnLbQ0+MzCABFAADLA6ZAAEAGrXvAqAJ+dy1OuJeyAFCIwHUyTW4UsYAYAfaJyQAAAQEIChuIhYJcXfQQUE9TVCAvbXN0YXQvcmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtRW5jb2Rpbmc6IHJjNCxnemlwDQpDb250ZW50LUxlbmd0aDogMzcyDQpIb3N0OiBwaW5nbWEucXEuY29tOjgwDQoNCg=="} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129508,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1654385129508,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"pingma.qq.com","url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}} 
+00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":438,"pkt_l4_len":404,"thread_ts_msec":1654385129508,"pkt":"tKXvZygQnLbQ0+MzCABFAAGoA6dAAEAGrJ3AqAJ+dy1OuJeyAFCIwHXJTW4UsYAYAfaKpgAAAQEIChuIhYJcXfQQvRp0nw2ppXcC6yOw46wWgZzMy5FDJc4R5x6BDvjQ0wxoIXOGGYQ9NS8mc0GI8mV5B6RUdKOLLdyHMcd5TKKRXV6aUAhvfafdmP9+u1yyjoRBy\/Z4bsFO7z02iRFLaH+SssfPgku6BHrhNyeN5ALqOtKCwJWbgUqSjfxmV66Ayi6ArLH8ZRPEtkaOldzuHxhCZGsPLMj5lrpyCpBI\/hUytCRoVcL0dV\/QMO9SGuGNRi\/Ajkx3OZ7jw+iay1fvfajHKHxaFFiqQlP4ANAhjlwtkM1OWi\/Lk793\/2aCcJrjC4nFMTygSlSKmAIRkl+GU\/C069CZkcxT7jNFgtHFhmyXeOpqOHfhmo5N6mRINDfZIpwZkvTBUx608nxLnt\/BZ2XZomwSj9Suk4o\/lo2Z3vv3fPwkT6XztXus\/ExbD+p\/KI22uH8Uy5Ts4RpU6bqEMdXSPj2ssPfM+MX2Gy9aMgXGqKVNStu3vu3sFQ4t38e4RiEZp59c"} +00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1654385129804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1654385129804,"pkt":"nLbQ0+MztKXvZygQCABFAAE9gOBAADQGUyKhdQ0dwKgCfgBQuKgo92zrWq4ZtIAYAPE2OQAAAQEICpcQ7Dm6xeoTSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyOSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC83LjEuMTcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KMWQNCh+LCAAAAAAAAAOzKcrPL7Gz0QdTANPi2TQNAAAADQowDQoNCg=="} 
+00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_last_seen":1654385129813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1654385129813,"pkt":"nLbQ0+MztKXvZygQCABFAACc4O9AACsG5WB3LU64wKgCfgBQl7JNbhSxiMB3PYAYACHQkAAAAQEIClxd9FwbiIWCSFRUUC8xLjAgNDA0IE5vdCBGb3VuZA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDM0DQoNCnsicmV0IjotMSwgIm1zZyI6ImludmFsaWQgYXBwa2V5In0="} +01619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1654385129990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_msec":1654385129990,"pkt":"tKXvZygQnLbQ0+MzCABFAAOQVoNAAEAGbyzAqAJ+oXUNHbiOAFDYbwIrIGDngYAYAfV1OwAAAQEICrrF7C+XEOppR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvdmlkZW9zL2NoYW5uZWxzLmpzb24\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmX3VkaWQ9ZTZkYmQzMGItM2I4NC00NGI0LTk3NTEtNjMxMTQ4YTNlZGU5JiZfY291bnRyeT1VUyZfbG9jYWxlPWVuJl89MTY1NDM4NTEyNyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNsaWVudC1CcmFuZDogR29vZ2xlDQpDbGllbnQtRGV2aWNlOiBzZGtfZ3Bob25lX3g4Ng0KQ2xpZW50LU9zOiBBbmRyb2lkMTENCkNsaWVudC1DcHU6IGk2ODYNCkNsaWVudC1SZXNvbHV0aW9uOiAxMDgwLDE3OTQNCkNsaWVudC1QYWNrYWdlOiBjb20uc2NlbmV3YXkua2Fua2FuDQpDbGllbnQtVmVyc2lvbjogMi44LjIuMQ0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1TaW06IDMxMDI2MA0KQ2xpZW50LUFuZHJvaWRJZDogYjllMjg3NzYzNTRkMjU5ZQ0KQ2xpZW50LUNvdW50cn
k6IFVTDQpDbGllbnQtTGFuZ3VhZ2U6IGVuDQpDbGllbnQtVWlkOiBlNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkNCkhvc3Q6IGthbmthbi4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385131029,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"flow_min_l4_payload_len":202,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1654385131029,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1654385131029,"pkt":"tKXvZygQnLbQ0+MzCABFAAD+y9xAAEAGhTvAqAJ+rGl5Uur0AFBJWQVPCSiD6YAYAfbp0gAAAQEICvK1BpnJoboZR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL2ljb25zLzUtMzI4ZTNjZGYyNDRjMDAzZGYwODc1NGNjYTA1ZmJjMmYucG5nIEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385131029,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"flow_min_l4_payload_len":202,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1654385131029,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/icons\/5-328e3cdf244c003df08754cca05fbc2f.png","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":1654385131335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_msec":1654385131335,"pkt":"nLbQ0+MztKXvZygQCABFAAFyOPxAADYGIaisaXlSwKgCfgBQ6vQJKIPpSVkGGYAYAOt1NwAAAQEICsmhuxLytQaZSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozMSBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogNjIzMg0KTGFzdC1Nb2RpZmllZDogRnJpLCAyMiBKdW4gMjAxOCAwMjoxNzo1NSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1YjJjNWM1My0xODU4Ig0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTozMSBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} 
+08901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1654385131340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":6298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":6298,"pkt_l4_len":6264,"thread_ts_msec":1654385131340,"pkt":"nLbQ0+MztKXvZygQCABFABiMOP1AADYGCo2saXlSwKgCfgBQ6vQJKIUnSVkGGYAYAOsBYQAAAQEICsmhuxLytQaZiVBORw0KGgoAAAANSUhEUgAAADAAAAAsCAYAAAAjFjtnAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5\/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP\/wBr28AAgBw1S4kEsfh\/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi\/mvwbyI+IfHf\/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3\/ldM9sJoFoK0Hr5i3k4\/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W\/gi372\/EAe\/tt68ABxmkCZrcCjg\/1xYW52rlKO58sEQjFu9+cj\/seFf\/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W\/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv\/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZEQAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgIE2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlhXIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jbSC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT\/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC\/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmch
UMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl\/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y\/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j\/i\/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM\/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c\/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m\/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl\/VfPV5bdra3kq3yu3rSOuk626s91m\/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r\/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q\/5n7duEd3T8Wej3ulewf2Re\/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq\/dawto22gPaG97+iMo50dXh1Hvrf\/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1\/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w\/eFIr1tv62X3y+1XPK509E3rO9Hv03\/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r\/y+2v3qB\/oP6n+0\/rFlwG3g+GDAYM\/DWQ\/vDgmHnv6U\/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+Gn
sqcTz8p+Vv9563Or59\/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm\/K3O233vuO+638e9H5ko\/ED+UPPR+mPHp9BP9z7nfP78L\/eE8\/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAA2FSURBVHja7FprzGXlVX7Wet99O7fvfps7M8wwlwBTBpRSW6AFLGJqULS1P7SNaPnR2B81aVAiNTZKlEZJq1RiUjWVtKAI0Yy2dUBKKQMMQxkGyqXDzMcw3\/1+Lvvsvd93LX+c7\/vmwoCgaEPkTc7Jzs7Ze6\/nXWs961lrH1JVvJsX412+3vUAbOuxzwEACIK0qKBZdIHUG2ZHxCyptKWY\/ic0sQaZ6UZZxxFRHWlpI8arH8OWcg6a\/jGKNqG31oNRHkRN59GQABvcLMQthyh1vomgPkyAQJEHMUZpHWL3LPpP3AcjGZo8iAIVRFhCLb4UQVhBV7UgBXYCGAXQONMDZvkDVVp+GFkVFjUq81EXZOX821zKDCYCswIgEJRV3k54CKBC4hVQKAA9WwjFAGJVQmRTGPJQNZlqKsopWlyDwERCgfUIWchaJRMIBabhLdSWAI5ApCAwoAQoQKpYSroxlU9gznZBySGF8fMeIBgoJ1BO0JIQjmJSNpESxwIbCKwVcDBVG+FWMKwLWZcCeN6wNA08Tv1YgjYBgBjwzgNoQ9UB1IZL3XBfe++tFZncWfJL3nPsQtQjqHeJ1qVqilZlws+m9faBuvnAw62iecTHfW0SAhGQw6LhmkgYaNafwtzADQiaU9Bs6uogfe4KA+46L6gOUzZWLuev9bI6G6HezqnSJOScNb632KT3\/x2S2gNNcVAFmq4EMuZkDuQSgqDIKcZS2yKOFQttYH5iDlUa\/9Rm+u5NCmCuqM4x2SJX4Z5gcWCukS9h8eFWk\/KgO8w+XZEDraxZ\/qHt+dW782TTX4MkIyiYGASCIIRtjV\/Z1fznm5P24avC2NFiCxAXT2amxy3xsFchJaMyIMfPqcYZpDGOpvvRRa3q578\/i+FZuBwzWRcoSlajyTZ8FaSKOveAtA7RAn2D3egOl2COPf0zBRGy+NKvz\/RecuuxsR\/na6tDQVfcvuiR+YHD7EfrXWGpx9vej27XB39tAMcu2TzzZ5cthruvr\/de98caDe1TslCVrWX\/0hd6pvfdUCoVXUex6Znniqvv7qmELy7MH3nskcnN3oXrBWEMT+xvKt+xo6lDu8vuhTsMWoPTsran2nhktmwBYy4GkQeW65clqCVSYYiAGaKWLWk\/9W6rhseLixaapdaJ5Prb1pVnjx+nDBWjoGTHa8HSPLhIwdQ1vcDbXjo2vPvug9Nj5+1auvf3t4Q\/vKY2+dzu6fwXv2yInhycuesvExnd2kYsx3HVV5vrdnzl+Rf6X7pobYiQXkRPaDHfXgB8BM3qmOq79vHJ+LITFy7+9u3eeEr8aPeaxbuw0Ptpqxw50uJkCJHAkwcQWECaW9qTj9\/cf2L\/DaJkWVtlUGnBD3+QK1vOx87BCWD0b6HSXHYhAVAkNoPlYKYWxzOLa2\/6rSfr37vxp4N7bhmY\/dYf9VFUhDYLnI\/T0ZHP\/2Yt6P17YBJJWIAV8KcwSi4e29cMwXZvAaEoUdMUkc51r5n40r0qbqJYOHQ46N3+jSJa8zCkA8LCacCGJXXkbP3ZW0bcvk810sq8M0m7xzbKZBhNAjWcB8dDKA9cDEw8uErsp67CC0bi+qjv3vPlp9td6XnZ178YmSyYtud\/hweuvW3I9jwkurjMiGdcK4Jzhsu4dOsIhFKoqmIWQlAKqb5JGZtGaP+lczOzW2TTb1xjiBxIYYmC3EuKMH2ASu75tWmb60+4T1zLA+8b24J77uxfOHDV0aMP6rGj+1CIx7a+AJfYBJZTnE7phEJCxMiRxLLgei\/504X80Suq6Z
Erlzbe8Ht96DrQ1Z7GkjWgM\/RXVhTYvHYQl+9aAyeyWneYnc3yUjYfXHt7QlMSp098roaXr8h1ao1y9VVAYEU9Gtk85lolDXwlK6hWzAfB0WqRTZ2g8x7r1yc\/2k4ZIAXD4OlRgR\/sQ+FnECwHgKiBZaCbjqLRylEEAiuvFm3HL9RM8uHR6f7GoskwEpXQ8gRnZJVFXJFj+4Yh7Dx3I0Rcx\/CO\/QqFNYampXbBLceDAV47NfaJyB2pKRmn1FFBdmLpeRQ+AyiEgkBEWiibg1OMS2suJKwkPEEARJbx3HQB5h6sj9dBoYhNiu75x9Ga+xHmiAAmiDB6uRESAYa8WXAWs3kVACEJy1hXVTDq6B3ZgfVrz4GqXzX+VP+QKozOYqYYqq5jsxK3SrRSB1wKIgbRqcEAGPWnnTtNQBmCKjCZb8NQ8CiS5otIXQqy0cnMsKZTlZeXYcBQRw04B1QDAnEVyfBlEDmrSjgtPC2d\/TeW6L8rSBWGCJGfBuAADt7ylSsbU3iGigcR\/eTktMKclZHeDpD3Gpr3ALwH4P8BgDfqCt8igJXSiFP6OlqWc\/K\/bz0RZNnUM1n\/f+QBp4BHCDpNU76NXYWB1\/AnE0IERssBz9C18FTGirx968YzQj+BcvsQMkn+bwGQhqiFLXheQBquBQZ+HsbEnV76LcWzwpgSLGXoG\/0ahtKHkPrqOwtATQhRBkQRGaLYMBLDIDDWV8YxHDwLUUDyFDYaQH\/f5bBUAv6LnBAAPVbRE0bwCEBMGBm\/C8PpPqS+8oY5wNTJvDPHMm8IgH3emcswgUGwIGSecW5pFEP5o1CiVWklvkAc9qO7a+eqJD7rphAQkGJNsNzTEqBkoaIYPnFnB4SUV6iCTrKHwvLKwOYtAFBVFAooOpfkzms9t9iSHMHG7NsAEfSMS71kqESbEJjaG4ZS5gj97GFVTxWqq7s6fOJrGG49hNTXAHTkp2rnwOvZrWWoLgv+k+CsNah296EzEANqScnvqr6I89wDADNUz+44NgFqg3ugeQGXLpzmbxVFOSJYG6xOFE7ftGUQ43+F4XQfGq4snfakg9ULkQpeJ56tkl3meAuA4b1H\/+AQNm64AAsHvwMnim2Di9XhpUeQqyFPgXqycAiRFxGici88p1CNAclRTobR85HfRcoxsie+BG3NdUaWBKyrFJAiAXkHT2U4xFCQBVBaAUEiGBm7E26Eu4VCMpSB2cIub8aZOWCXogs6IWAS1HS6TcUr2LTzeoRFG1wsNroqqdk6d9s9mQ9ejuHCEppFovV2t5\/LegYaTcZrWV8jq0faHptJPnRXoGlroLoW3L8H7tBXVJcyDhqv2lpkUInWYL4xgXbW\/NiAPXxlNZ+ohEi3A7iQGeHK7hIUGye\/yuIRkDEmT2eQZlvY556Jl4sZd4LGVmh0mR0iRLQQeAa5dJLft+tDqB\/78L3j8xNXd5dntpPoT4mwBCSUiJLRcUrcoR5mgFznfqOF31Dp2fWvY4f3f7c6+DKQzjnYWIrahqLWXaDddsNd7b1\/2NV89pNJ0i4RAE+ANxYNHhlTDqBgXekVotjX8+49ty\/yuZiZdWwiQygA2CBEGAHiYUPML3NzACNN47jq9h\/4QbHgS0i0ODbd9Ss\/9wSVq2mWJ5kjjRjIC0Ev1+n99M11g13nrnulXd15aA7BMA5ft37p33\/9B\/1\/8MnL0r2H+9xLH2hzJV+U3kUrh6+onvjGHVbGL4hCWWhj6OFm7cr748n7W3UamH6m8plDM1kZuUQKJbBh7BqUelhMN4\/NAWyTtndWAEAz7yAOUA+bobsDgCIoR9KiWuvhxeHpvf9wD0gCJBq4VrIwH7hwnqgznVAhSJrjWP8vjG1zpSfGfN99B\/MevLb0kW\/9ef+t+66pf2GvL1zBjMgKNS+k+75YOfH9PUPJ5AX3N3\/5trG5nps34Cjm6zvw6qhBphZT7gXkMFAmECtKRnHgGY9m
Jrh452aze1P7g6V0tluVPRyRCgHEsCezWqHEEnBe6lt45LN7+nKTtUGBiORRwCb3AjBAgAgQRA4uzfngi1AbWtlgDNks5GggC8g7BhCJACGl5XOa\/3ijKFBkQJcf33JkyX581McBFQ+ZkZC9jazbHNkQQcBkCEwAu0IKr9RGnO2mvdedP33kl8gtJaI2F2ECM9h70GPfvrGTxBShr\/nUN0ea+z9uaJkR+CRPv1nvr3Kyv82KN58vWAMYOp3TV1lVzxDAnVoHr4CXZZuIWtnm39kGxCeivA7bql4OAGj5EL1YaGlrP3J\/St3H649PBfa6qm8A9W8sypUAh7Mrjjd7e0MEGAvM6jmPzjfDqbXcgmGF7S11ntZLOZZwyZ\/E8cvrWRY3wLVJwapklKVtiAkKo6KsqqxEQoAn1oKhCiIhhfVGWtWE5ofPrFVEQG4qM6lZM0Va2NNGErK8\/Sy0gpSYlSDEyBkmUKexJxN7Ku\/5i8EIRegKFiFDTz39N6tv31r1Fsqx5clGqzsujrNSqBkqWnGjhoxBQWUppAyvgZIviPMGYj9tAAX7NnlEPq5Uq5uyf7vPpq\/sXlHYNgSW\/MjEVM\/PXj1pdxwP\/KIFc8dTq12SwiAjUEdFUBhqYAqExZRBqVtn8vXe03q\/pzraHMRr0s6NuKxTfk9xsYB8KrFJ50yRQaEIyYI1B6mBgYVoJ0ZIC7BmYMkBKFiLjnAx\/TNZaetn5tzwZ+Pi+U1GM9O0u8ZLA7v+JSlffDhYmoVBBiifVDC6PGHSbDUZSBUsRef+kiEybQhlYMkg1PEoMU4H8I50fxCAzNFWsPE\/GEe3BhDb5LXHk3j44Iokfkef927\/q8F\/DgCIXuq2\/murMQAAAABJRU5ErkJggg=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385134408,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":1,"thread_ts_msec":1654385134408,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":565,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":565,"pkt_l4_len":531,"thread_ts_msec":1654385134408,"pkt":"tKXvZygQnLbQ0+MzCABFAAInA91AAEAGThXAqAJ+rGh3UMBaAFDHE+5UhHHU2IAYAfbo+AAAAQEICpOtHJliB5VhUE9TVCAvYXBpL3VwbG9hZC5waHAgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1MZW5ndGg6IDI2NQ0KSG9zdDogYW5kcm9pZC55aW5nc2hpLnRjY2xpY2suMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0KeJxNkN1uhCAQhV+lmWtjBPxB7rav0PSqaQzC7C5RwSC6JhvfveC2SRMumO8wZw7zhGAmXIKcZhCkrkrGK8JI9gYaN6MQxBNWbTQI0JRhRZG3Ta\/LK+Ot1oVqSkYVr0nsggzUXVqLY3xMhn21kUxOn\/Wih+42353Fbud1FHovbXK9OXcbMQK3dBv6xTib2pObnOd\/iOY8p\/k5RXpv0Ed2sdq7GC4Dj4sb1\/DbXfBiJ01bRmF0SkZ\/AWi7z48ILIaH80MkD3M1aczLpDs\/2bdIedPUrCo1rdoUbJIqCgUVpBLvVBTF68CRliSDTCuSKpjNBIMLiK\/vDHBXOKc0f\/WGNpz34\/gBCIhwTg=="} +00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385134408,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":1,"thread_ts_msec":1654385134408,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"android.yingshi.tcclick.1kxun.com","url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1654385135021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_msec":1654385135021,"pkt":"nLbQ0+MztKXvZygQCABFAAEVhPRAADUG2Q+saHdQwKgCfgBQwFqEcdTYxxPwR4AYAfrU9wAAAQEICmIHlwGTrRyZSFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcg0KU2VydmVyOiBvcGVucmVzdHkvMS4xMS4yLjUNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MzQgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClgtUG93ZXJlZC1CeTogUEhQLzcuMS45DQoNCjANCg0K"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136206,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136206,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136206,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIhQ1AAEAGzADAqAJ+rGl5UrRoAFD5HfAjxRS50IAYAfbp3AAAAQEICvK1GtLJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5OS80NzA0LTUwMTdiY2RjYWNjMDJjYzNhZjQ4MzNjZDFlZDcyYThmLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136206,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136206,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/299\/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136207,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136207,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136207,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIuBVAAEAGmPjAqAJ+rGl5UrRaAFA4F3kV79XZwoAYAfbp3AAAAQEICvK1GtPJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5Ni80NzAxLWUxNGQwNDgxYzhmYmU4YTQyNzk1YWJiODc5Y2RhMmQyLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136207,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136207,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/296\/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136215,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136215,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136215,"pkt":"tKXvZygQnLbQ0+MzCABFAAEI535AAEAGaY\/AqAJ+rGl5UrR4AFBRsl56JroizIAYAfbp3AAAAQEICvK1GtvJoc6eR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMS81MDI3LWQ3MDcxOTJiZmEyZGFiZjIyNzcxYTRkNTY0NTRhYjg4LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136215,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136215,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/301\/5027-d707192bfa2dabf22771a4d56454ab88.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136216,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136216,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136216,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIGp5AAEAGNnDAqAJ+rGl5UrSEAFDq37\/yn5TBcIAYAfbp3AAAAQEICvK1GtzJoc6cR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMC81MTgzLTUxZmI5OWEyMzkxZTc3NDAzN2JhMjFjYmNhMzA3YmU0LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136216,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136216,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/300\/5183-51fb99a2391e774037ba21cbca307be4.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1654385136274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"thread_ts_msec":1654385136274,"pkt":"tKXvZygQnLbQ0+MzCABFAAImA99AAEAGThTAqAJ+rGh3UMBaAFDHE\/BHhHHVuYAYAfXo9wAAAQEICpOtI+NiB5cBUE9TVCAvYXBpL3VwbG9hZC5waHAgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1MZW5ndGg6IDI2NA0KSG9zdDogYW5kcm9pZC55aW5nc2hpLnRjY2xpY2suMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0KeJxNkNFuhCAQRX+lmWdjFESRt+0vNH1qGoMwu0tUMIiuycZ\/L7ht0oQH5lzmzmWeEMyES5DTDKKsWUU5KynL3kDjZhSCeMKqjQYBmlBkBHnb9Lq6Ut5qXaimokTxuoxdkIG6S2txjI\/LYV9tJJPTZ73oobvNd2ex23kdhd5Lm1xvzt1GjMAt3YZ+Mc6m9uQm5\/kfIjnPSX5Okd4b9JFdrPYuhsvA4+LGNfx2F7zYy6atojA6JaO\/ALTd50cEFsPD+SGSh7maNOZl0p2f7FskvGlqyipNWJuCTVJFoSCiZOKdiKJ4HTjSkmSQaUVSBbOZYHAB8fWdAe4K55Tmr97QhvN+HD8N\/HBS"} 
+00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1654385136559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1654385136559,"pkt":"nLbQ0+MztKXvZygQCABFAAF0doZAADcG4xusaXlSwKgCfgBQtGjFFLnQ+R3w94AYAOsxxAAAAQEICsmhz1XytRrSSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDQ1NzQ2DQpMYXN0LU1vZGlmaWVkOiBUdWUsIDEwIE1heSAyMDIyIDAzOjE1OjEzIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyNzlkOGMxLWIyYjIiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjM2IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQo="} +02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1654385136559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385136559,"pkt":"nLbQ0+MztKXvZygQCABFAAXUdodAADcG3rqsaXlSwKgCfgBQtGjFFLsQ+R3w94AQAOuqegAAAQEICsmhz1XytRrS\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIAQQCgAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQ
EBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APk7XL28GtXY+2XHE7\/8tD\/eNc59AkrIq\/br3\/n8uP8Av4aB2Qfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIBfXvP+mT\/APfw0BZB9uvf+fy4\/wC\/hoCyD7de\/wDP5cf9\/DQFkH269\/5\/Lj\/v4aAsg+3Xv\/P5cf8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIPt17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyEa+viOLyf\/v4aAshft17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8\/lx\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fy4\/7+GgLIPt17\/wA\/lx\/38NAWQfbr3\/n8uP8Av4aAsgN9e5x9sn\/7+GgLIPt17\/z+T\/8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/J\/+\/hoK5A+3Xv8Az+T\/APfw0XDlFF5en\/l8n\/7+GlzAoXHJdXxPF5Of+2hpc5pGm9ixFLfMB\/pdwP8AtqahyR0wpX6FqA3\/APz9z++JDWTmdEMNd7F2EX2Aftc\/p\/rDUOpY6IYdLoW4Ptn\/AD8zHPGfMNQ6l2ddPDxavYsKbsOCLifA6fvDzUc7Nlho9iwj3Q+U3M3Xp5hpObsUqC7DxLdg\/wDHzPwefnNS5GkaK7E6S3hAH2if\/v4aXMX7NdhwkvMAfapsZ5\/eGjmLVFdiRJ7kEAXMpAGfvn86LmnsY9hPtN5ux9plHtvPSjmE6UV0Q1bm727hcS493PFHML2cexE15dZyLmbp"} 
+00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1654385136563,"pkt":"nLbQ0+MztKXvZygQCABFAAF0DidAADYGTHusaXlSwKgCfgBQtISflMFw6t\/AxoAYAOudpAAAAQEICsmhz1fytRrcSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDQwNTcwDQpMYXN0LU1vZGlmaWVkOiBUdWUsIDE5IEFwciAyMDIyIDAzOjM3OjMxIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyNWUyZTdiLTllN2EiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjM2IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQo="} +00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1654385136563,"pkt":"nLbQ0+MztKXvZygQCABFAAF1FpZAADcGQwusaXlSwKgCfgBQtFrv1dnCOBd56YAYAOv6YgAAAQEICsmhz1jytRrTSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDgwNDQ4DQpMYXN0LU1vZGlmaWVkOiBGcmksIDIwIE1heSAyMDIyIDAxOjI2OjI0IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyODZlZTQwLTEzYTQwIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTozNiBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} 
+00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1654385136563,"pkt":"nLbQ0+MztKXvZygQCABFAAF07ZdAADYGbQqsaXlSwKgCfgBQtHgmuiLMUbJfToAYAOtoFgAAAQEICsmhz1rytRrbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDU5MjU5DQpMYXN0LU1vZGlmaWVkOiBUdWUsIDAzIE1heSAyMDIyIDA0OjAwOjQ1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyNzBhOGVkLWU3N2IiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjM2IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQo="} +15993{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":11586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11586,"pkt_l4_len":11552,"thread_ts_msec":1654385136563,"pkt":"nLbQ0+MztKXvZygQCABFAC00DihAADYGILqsaXlSwKgCfgBQtISflMKw6t\/AxoAQAOsWCQAAAQEICsmhz1fytRrc\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIASICJgMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQ
EBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APBdf1K+GvXii9uOLh+PNP8AePvX3sYx5VofGybuyCPU74H\/AI\/bj\/v6aJRT2Rm7k8epX4YOt9cAjuJWH9aSST2IblqrnQL4t8Q3MQik1KVRjBKHBP1NevVznGVKfJdLzSSb+f8AkeVSyfB0586Tfk22l8hyahfbc\/bJ8\/8AXQ815Liup6V3awj6le4P+mTc\/wDTQ1m4rsRKT7kYvbvJJuJTk5OXPJosuxnd9xJ9QvGGGupW9MuaaS7FXfcjS9u1O5bmUHvhyKvRju+4Nf3e7f8Aapd3rvOaq3kNXvuRPql6uVW7mAPo5qko9hq\/cZFqF3nAuZQD1Ac1XLHcevcuW+pXqji7mHsHNZuK7EO66k0Wo3I5+0SfUMaOVPoLXuSnUb0qV+1zFfTeanlXYSchh1G9Xpdygf8AXQ1SiuxevcaL++yMXU2Ov+sNXyrsUnLuPF\/fA\/8AH5Pg\/wC2apKPYbb7kqX98W\/4\/J\/+\/hoaVtiHJ9yaLUb3OPtc3\/fZqLLsCnJolTUb4HP2yb8XNJ27Cu72uNOo3p\/5epvpvNPlXYTb7jW1G+xj7XN\/32atJLoOM5EcmoXuP+Pub\/vs0JK+w3KSBb+9zzdzZP8A00NU0mtENSa6iS6nqCQMFu7gqSMgSdTnA6njk1nJxirsuHNOVkN8XeLPDuh303hfxGPGllIeZruy8lXkXpmLfkhDg4IwTXlSxlaS9yMV+Z6dHD04WlJ3OW0e88CpLqdx4X8Zawt5bwNNax+Jm8oz7efLSRCU3nnAbGegIzURrTi1KUfuO2ac9E9Dnpfid4iuNdW5XUWkd8Zi85xHNx93B5Vu1diqNO8UZyw6kmpM9K0vWLm+0u3voby4CTpu2MWDRnOCpz3ByK9SDjKKdjyatOdOTi2Wlvr3Oftc2R\/tmqtHsYtvuSJqF6SP9Lm\/7+GqUV2FzPuWX1S8ZNhuZCQoVW8wjaB6fWlyrqhcz7jF1G9Ax9qm\/wC+zTcI9ik33GtqF5zi7m\/77NHLHsHM+4qajegY+1Tf99mk4R7Am+5Il9et0upv++zScYroHNLuSw3F40yAXcpP++ayqpW2Nad77m7bpeKgMtzMB3+c1zx0exvJe7uUby7uopmQXUuB\/tmupJW2OZN9WZV5qd4krbbuY\/8AAzVWj2C8n1KjanqLHm7mx\/vms7JvYpXsXLS+vcZN1N\/32atRXYlt3LDX92RxdSn\/AIGazcoroaxi2tyE6heE8Xcv\/fZq4qL6EyUlpcVb+9Jx9qm\/77NaKMexnd9y1BdXxAP2qX\/vs0\/d7A3LuWYby9B5upv++zQ1HsS2+5bgvrr\/AJ+Zc\/7xqHGPYTbvuLLf3fa5l\/76oUIvoVGbRE2oXn\/P1L\/32aiyT2NubmW46O9vSf8Aj6l6\/wB41olHsYyuupYS8vNvNzJ\/31T5Y9iby7kiXd2f+XmXH+9TUV2DmfckS5u8D\/SJP++jVcsewc0u5PDcXhPNxL\/31Ryx7BzPuWkurkDP2iTp\/epcsewnJ9yveXt8WBW4kH\/AqiUE+hpTnpuWIr68EY3XEmR1+aqUI22M5N9Gb3hnVJwwJmY\/U1y1oLsQ3LudXLqQNod9wc46ZrjUHfYjn8zldWuZWnJjuH68YNd1NK1mieZ9yGDULmMAGd\/zq+VdgfM+pDf6vcqhCz
uSfeqSj2KipPqZc13eFC32mT\/vqlzRvaxvytLcggv7sT7jdSf99U3FPoHM7bl\/7XczJn7RJx0+as3FdjJzlfcW1kuo0bNxJljnO40KMewnNt6sFurtWYedJj13Gm4prYG5PqfNuvpjXr0+tw\/\/AKEa44u8Ujvk9WVNvH+eavUVx8WemaZLNWwOFH0pEW1NNXwnT86TehLRGWB5qGjGSFJOKRKIXOckk4prcaWokRNPVajtYVgSuAafMUiIxZNXcq45IyDS5kQ2TKM8dKTY3qPjOOlVcT7Eqn5eTQGwx2yTVRBMVCevansO5MpGKBvYeHHGKaE2SKwGDmkJIfuwKhsHcN+WweM1SDW5Vu7+zt5khnuYo5ZPuIzgM3uBQ5JPUtU21dLQ3DowXw1Lqs+pW0biLzYbcHc7Jnl2AOQo9a0tFL3nYcYtuzMC51O0MkdrY3VtcySMTtilJQL\/AAyFyOh7DqB1rGVdWOhYW4XtzptnB9o8ToP7PjDF7AzBDezAZi+Yc7ATu468CuTESlOK5XZo3o0eVu5w3xEuNb8beKLnX4rK4uonjiggEbB3VEQIq8ck8E8CuGLUI2k9TtUErJLQ4fVbW5sLSeK8gmt5iMGOeMo4\/A1vBmsE3USMfTbhwwiLkfMCh9D600dlWOnMj6W+Hl9p2s\/BaCW3y2oWl2WuSVO5HIAYE994AOOxT3NexSanBOGi6+p4eJg3NtjkJK7ugPT3rVM89olVgEDZyW4HH507iHPxEsgOc8H2qr6BYYXzUbBYcppsbRPbxNKcKKd7bisXBazouTE231AqbooI3MUgfoVPek1cFKxpHWFMJyTnHTFZ+zVy\/a6GTcTvLKTuxmtUjN6laVC569e9Fhp20FhgUHLYNSopGi13JZchcLUOZap9RIQcHOeahq+ppdINnPrWkLoyqSuKg5B71sZbl22kAHUUrag2Th8nINVcgfHJgioYEpJPQU0FhyR7jjtTaHcmSLbzntQhEqDJxTsIngTPamrgW4oh1NMm5KF29KBX10FbpzSBtkTDL5zmnYEx2C3WkDZZs2khbKMVqZJMT1LyXEz43SEis+VIVrCGQ\/xdalpENdSKeT5TjmhCMy6c7utaI1inYIC0i7Sc1Lir3LcmkRXMRV8jNaRJTvuW9JPIyelROJLRrKqY9sVlYy6kFwi5+U1cSkz5u17H9u3mT\/y8P\/6Ea4Y7I9CW7KbYJxWiELGBuFNgzTscDHNIRb3\/ACYpWJaBWz3qGYzRIThaRCRDKw\/\/AFU0XEYrjNOw2iYfMakVkO209RXdxwxjNDuJthjvimtQQADPWtRu1hx9u9IQgGadwHLwQKECV3qSL97rVF7MUA5xQ2Jqw9GxnIPtSbGkZOq+JbSyuBD99jxw3+fzrmqV1Dpc6qWFlUVyVdWknsILm1NrGkj7Ge8kaMIecE4HQ46jis\/rXNokbrA23Zi3WlD+1I\/Ed3rNhcSQoS0MaiZGA\/gYfeUNkjNRz8zu9TqhTio8kUzm9f8AEus61rNubSya0W2QpAkf7sqhPILd1z3NTVrSeq0sa0qMYLletx6eFNSlu2t9Lmd4j5cpjWQfuiyhgDzyPTsenWsowbdzWUlFXZ02iWF6biWK\/kVLmxXHlXdqWIzxxz8vHPIx6Gt4t7MwlGO8Sfxdf2VzpkcWnx6ei25CLugH+tz2IwV9fWnNxasyYxaeoal4s1PUvh7b+ENWsodc0yG8MrXF0m6dG2AMkcxOQF7GsJUF8VPc0hPkle5454n0p9O117WC3uVAG9FmQhwvXkew7\/jRDmXx7noUqinC7Ou+D3iS903U3tre4dFuwGVf4RIPun29Poa78PWcW4rqcVakkz1P7XHewJcwRmNX5K5zt55H4V1Xb1PHcFGTRNA4CYZWI7c9BWsGYztc0dKs5ruK5WNSRHbtN\/3yR\/jWnMRsVzDIDhlII7EVDaLsKoK0lJXHytGvoBQsA2KmUmC0OnKqL
QgAAGsepfKtzm9YVVlOMc10x2MpKxQFVYgXGKClsAHGc0CuOQHNDGpWHhdwArJw1N1VVrF7SdOlvpxHHx6mnpFakNuWxY1jQp7GPzd29e59KcJKWgmnbUyse9XcaBTg\/wD1qdxNXJoye1K6J5W9ixH0yapK4rWLCN05p2E7liI7TihoSJhycc4pWsG5NCBuweaVykrlyCLIBAo5hOBOCEGCKOdE8gyeULGWU0N6CSaZDHLvYc1KZq46EyLurRGNifARQSM5ouA25kAgLDqO1TcpIZp15vk2HipYpx0LrnJz2rNswGOvynJ61N7AZ9yOTWq1Nosn00ChhPckvkXYT3oiyYmYL4xSbQKJs6IQvozVsb3zY8luahPsZ1KVth8s4A65q1oZKPY+bddkLa7fdcfaX\/8AQjXEvhR6Ul7zKu89xTWpNiWJuR6UyWaNiDtBNBHUtE4HWpbJkwjOOlQ2QPMnGMc0lZgV5HJOaYDEJLdTzTSuxliIsOM07CJ1cYwDRa7Cwu7Ham0iGhAwNJ6B0F7YzVJ3DQdnkE07jsLmmTYkUZx3xS2LumO5HWncYm7Bqb3AzPFurJpOlNOdpkf5I1J4JxyT7AVjUnyxub0KXtJ26Hj+qazdXN8WikJ+bexPO8\/4egrlULq7PoYU0oJMbJ4l1Nh5c0iTpnI8wcj6UnTRaoxsWtButT1PW7O1hdA8zkooGGAAJLZHsD+VZqKvaL1H7NRVzudQ+K95L4YudCax01FsxshuBaoJpFZhlC2MkZJatvaPlVkczw95ud9zndM8WLZ6hHJDEscEyBfLQldgHVfoTnj3qYtJsHCTXoP1vxbqWoX0cTXs7xQ8W8jv+8QHjBI646flUzvvcmKS1sWGuo5dIUER3lzGAxHn8n\/ZZSM8Um31Nbdth\/hzW7+DUojfQEgKRDbltgbdx8yjsMnGOvrWlGeur0RjiI6aLU9sk8JeCvHJae\/1KSye6jgs\/tBIIZjJsCgcZyGHTso7V6U4wm+bueSsRXw60W12eIeOPCF74A8X2cGpIIo7iMz2bK2d0QkKgn\/axjjtXG6TpTsezCtGvT54nceB7gXGjN+8z5crDbjAUHkY9Qa76ElKJ5OLTVQ3oQXQDd0O0D1raUuVHPCPM7Hb+DLe3MAwwGVw3r9K4J4lt2PQWF03F8VwWucqFDAckVtGblE55RSZyjqO1CuOSVgjYo+VJBHQg11Rjc5GtTUi1O48oL5mR2zUuCHzFS7mMkhLHNXFEPVjbSMzzrGONxApykkilFvQ6eXQ1W0wEGAvWudVrs0dK25zMqeXMU9DXQZND1XjkUCLtjEpjLHmpbKUbl\/T7wabOJQuQfvYpSjzIpPlLev69bXViYYQctwSazhTlF6lXTOZB9K1QrACD9ampPlVzWnDmkkS22TzXlurUlM9T2MIRLSgivWo8zjqeRWtzWRLCCTgDNa7GJct4z+PvTuSW4oiRSC5Yiix2rJmsWW4dqjmlZsJNDbpd68ZNFmgUkQrCzAgg4qkiL6iRWu2XJ49KaC5chQYqrmexBq0wjj4PI96iTsrlRiVtPkMwIbpUqV9Qk7E0UBjlL56UyeYsxzc7TWckyZMsoheM8Vm2YXsUryIqT79a1g9DSIWbrHy3Aq5I1ab0KmrXyq3yuCaSHCDuZkjmY7s4NaWTRuvdLdlJ5KgZye+alQtsZVJuZIbgsTzTtYxSaPCvEKga7e\/9fD\/APoRrzou0Ud8nqyntzVXFcliXmhEtmjZjCjOKGyWSyHnHFQyADDHXpUvUQN0zkVSVkJEbAE0g0uNUYPHGa0TViiYMQeo4piF3c9aOgChj0pCdh6k+tK4bD19M0bCuhwJzVJhcdGxxTGT25Xcc0O4JaiynJ5PSgl3ItwHHSlZlI8x+L2pPceKFsmkIgsogpUHqzcn+n5Vy1XeVme3gadqN+rONlG0FiOoyai7R6C1djZ+GXhC88X649rAwjhhQyTSMOAOyj3NcmLxMa
EFJ6tnZTpOo7I9i8OfCa20fTmvZ5ZHu4o3MBQ4MIx0z34z+deLPMakpXjodccHFK8tWeaa7oFq3iS4ijXahBk2kcjCkgfj\/SvSo15OmmzhqU\/eaRzV5EV+6oOXyT\/P+VdUXdnCprYJc+Z58YK4A4A\/A\/0q7aBF6WCa6EzGC4RVKjCODjbTt1GotLmiylDeXtlcbllbcp\/jOavlTOhxjNXPRPhr8RbqyjjtLvTbO+Fm7T2ayBgBcNhRITnkKM8euK2hVlHQ4MRg4yu72ub3jCQ+MvhjqHn3EN34g0S4\/tMyf8tJYWZllRfVQNjkdtppuSqxd90KjT9lUVtnp93UX4RNHceHzOhXex2mMHOQDx+I5+oIrowrTVzlx8bWOrEu1hxtGcke9dU43Vjzoy5ZXNG01OWH5onKnHauJ4aVz0Vi4co261C5uPvuTXZCCijhqTcmRox6+n6U+VXuLmbQ9WI60+ZXsKUWP3HGKtEMGz1qriJrCXypw\/8Ad6VjUTaNqbSZ0ba239nGEvjIx71yxjaVzqnZxMOVw7lietdaZxz0FH3cCmQSwz+Scdc0rXNE7Ed3dlzjsDzVJENpkSHPemxpj1XJz3pJBccFOfrSlFNWZpCViaLC89h2qI4eKdzWdebViyrbhkV0JWOR6lywizg1Mi0jSjiym4AZFCZMkTwL04+tVozIs7F29MGpaHcQA9DVJWQpMlt+T0qZCWxOI1IzipuJtkUygjOOKZSYiqQhODikEtzn\/EczK2OeeKyqvSxvTimix4d\/1AOeaKSsiKyNQEHr1rTU5+oiqBJmpewMuwvhKycTPl1Kt+wwSeOK0gaRVjLupf3TbTyK1ZrHc43VtQnXUPLIIGeua5ZNqR1wScbmpYzt9nLE5rqj3RjLcguNTkibnGKyq1eU1hRU9iCLVmlY4Oce9c7xdzZ4PlWp5j4glX\/hIL0Z6XMn\/oRrJL3UZyWrIEbPOaZDRLFgnNUiWXYW+QdqkkJHI79aSEEbj1oaJH+ZxikIb5nJpglYA5IzRsMdnjPrVJjHp0ptoTHihMVhy+tQwJUPy\/8A1qZLihcc4oHYFyGo1GSLkVoK44HOc0EtjQNzc0ylueV\/FOwVPEGoXyvlXlRCCP49oLfhjFefUuptI+gwUn7OKZylwfvMTkZA\/DFCO2C6H0z+y54UWw8DwXsifvtRP2l8jnB+6Py\/nXzeOqe0rPy0PbwkOWnfuevNpEc1rJGQFEiFSfTIxXGkkzaT0PmH4jWLaVqj6gqtstLlrW7Q9VU8Bj+ORXq4WTl7p5leNvePN523KY8g7X7elepBdTzJJXuMtZFTcrcqRkVrYzmm1oMu4on3PjbkcUloVTk1oVchYwsgR1zgHIJWnc6bdVudX4DuNCsxdR6u7QwXUB8t1j5LAjgSAHGcdgepohe7dznmpyLi+IoINaZrIpHEI3WJY4gkZh27cMMZOckZJycgmq9o4vmQ+VW0Nz9nl7V31LTpXlUAMFABJQg8OB34BB\/CurB25rnLjotw5juLqNkYEkE5KHHqP8RzXopaHiiQnjGfpSYXsToRnjrTS0Al52cEVLLgNBOalI0bVhySqp5onUsZxg5MvW08LpggVmqrZo6dkNnRUOV6E9K3WqM1poNyT0NZs2THxjoTVRM52ZKWIOauxlYZvJPNOyC4igk5xQIkQc5NFimSpnOaYrkg9vxpWKXkPSMsen5VaVhtdy5bQnPTjNUQX7ZfLHPFRJXGnqW45l2beMmoW45xdixAc4q0rGDvsTg8UwSHIvPNFwZMqhASKi+oWJASVyTSFYgeQBgD0HWm1oNeZ2XhJLC7sfLlWLAGDkDNeZXlUjLQ0VmzlPiJo1pDcGS26dxW1GUpq0h6x2Ocs828eBXZaxLRo2soZMueTSvqS4CySBW60ENCi7CjlqXLcXKVL68DDg1UYlqJSEgYEbsD+dW9DRIyNVsopJd4x1qHG5afKhsa+VBiqitbEGbq1
v5wzuIFY16KkrnRQrODKmm6aSWwzdPWvNWHaPQeMTR59r+Rr97n\/n5f\/wBCNbQacUckt2Rp90UGbLEHYCqtpczkXYfuCpZOrQ2c470kJkYLYzQ2LyHCTI9KQrMRTknnpVDsSJwvvQSx4JzmncvoKH7elTZkpXHq+fWhJ3CxIjH0p2FYlQ4xSAkB5oJHA5OapDQvOQe1WvMloXOD6UAkLu75oY0cb8S9KebQpgg3SPOboZ74AGP5Vy1IHqYKu+dX22PN9E0+61fWLfS7OJ5Li7mEUar1568eg5rnqVI04OT2PehBykkj7o8E6ZFpuhWlsoUJDCsYOcDgY\/pXyjd3c9uPuqw\/xP4p8MaPEYr3xBZRT9oUfzJM\/wC6uauNKb2REpxWjZ4B8UtX0q91ye8jSWWz1CMwagmwjcvaVc9wcGuyjTmtOvQ5qjizya\/sTaXbBGWSOQYV16HHcfUV60Kl1qeVUg0Z7IyuQOua6E+qMr9yS1eF5jHc\/KOxxytD0V0HLbUq3UJhcERg4zyf4h9O1Lc2hUUtLmlollLe6otnC0tyGIeIQJu5PHI\/h9x7VMXdXaHJNaoj1xWGuzRJwEwqlGHzAt1wOmcdO1PYmyjG50PwevDb+OHhWWSJzMxRhjPHbmtaLcJxkY143pfI9hmkWWV4fI2yEYVd2OR2+oOce3FevdHg1Iq5XUgDPT60Ix1Hq2eQKu40SK5Ax\/OpC7HoN2B61Wlik7lkWi7c4JPrXJVi29DqpWRHHG6Pt6ClCmwqSLMoxHxzjrXSrI5+pHuyPSm0hczQ5ZD0NFkJybJkO7oDSuJ6oVwMjiqQAAD9KBjxmncRJEpJxjrTQizFFj61VhpluNBxgdqLFXLVv8vFNiZITxQ2rCW5Wd3ST8eK5al09DsppOJqWEm5BnrW0XdHJUiosuqe5qzMmhAYgZwahysJnQWfhxryy3wykPjPPQ1zTxKi7NAjB1OG4sLgxTLyD1reM1JXQ73M+SbOfWrvcOUZDdzQSCSKVkPsetS0nowsPv8AUbi6AEsmRUxhGOxS8ynJkjireohsUjRn5uRStYegPcljnPeqWwmQyTnoec0nZMSRWnkJ6n8qoZCk2G60mNaCTuCuMjNSht3K7gkZ7DtTW5Jk6pd+TOEzgHis6skkaxWh0Hh+GOS3yO4ySaqLVtjOUmmeN6+h\/t+9GMAXEn\/oRrzYv3Udcnqyuoxgcir5iSzbc+1V0Ia1L8ZHl4xUBaxFOeMCi5m3roMXlakl7jcEdRTWpV0KnXOKbESIDnOKOgiTb8vFK4gK8DnmmmNOwq8H3q0Nk0Z4osSSqc8dxSYhQe1P1GKrY6dKVgHqxzxRFiHAgirAUcfSh6gZXixGnhjj5OQVOOdq9f6VnJdjpw7szg\/hrpE9x44W3g1L7DK5lWC6PGHUbsZ7ZGa8fFz5KV2rn0mH\/eyUU7H0loLaxq\/gKbw\/qExe7gi2vNEfvrnhga+f5lzXR7sYtxtLc4mbQ9C8Ob9Q8RXDx28LZkfksT7d63VWpJ2iS6UYq8jePiT4eXcMSxRq0DNsjlntiFdu4VumRScK8XzMVN0p6IbrPw18NeKrAnTYktJHGVeJMAN9BWtPEziZ1MPB6NHlPjb4c634eui91ZtIqcbkHDjsR71308XG1m7HFUwll7p51r9r5N8Qm5SOSD2rvhO8Tli+VuLHaUl7NdxW6w\/aXlcKkYGSxPam5KK5noQqcZytDc9o8E+EILbT5dsl6wAIvZNKaON7cjA4LDLlcngYzz9a855lKL20\/E9allUajSlL3vwPMPFnh+fQPHNzps0kc4t2EkVwows8RUMknPTKkcdjkdq9CEozipRejPMxlOeHnKjPdaGd4Tna28XwTxyhiZgcj1J+7z+VaKWlrA17qR73qXmtcebJIHYhfmz8x+UYP9Pwr1IpHztZe+0QAsSS5JJ7+tbHOlcliyTihsryJxE+OhwOtGhLTJY4ZdoZUbH0qJzt
oawimrk8M0u4Rgcms1I2Whfj0m6mj8wct1xWikupE02UpzJG5jkUqy9Qab0M46kXbNJMUktx0Skt64rQSsXbfaBUsbGy7d2RVIliIDx6U7AaNnZF1yR1oRSQ9rbyX5HXpVomRKigU7giRTigqw4HAzzTEvMehLf\/AF6TC6RMsQdeahq5SnYabpLaUKTih+6VyOZp206ywqy9\/SmtTBpp2H+cFPHFJoRtaF4rkslEMgDJ6jqK5a2HUtUCRX8Vakt8C8RHzVzKUoaHTSpJkOhQI0eXUHimqkmaThGOhj+N2EMRkQY2jPFaupKMbodGjGcrHP6PrAmYJJ1pUcUpO0jbEYFxV0basGXI\/Ou255jTWjI5uRgUwK5+U460kwuQysO2cUBoQSk49aSYEDPx0qmh2I5WbYSDS2BEMEjFgpasnPUtx0KniSxaYLIv51lWi2rmlJrVHQeFhtsQpPIUVpTl7tjGtFcx5D4hXOv3uP8An4f\/ANCNeetIo6JPVlIrzTTFcmt+PpVIXUtqcriqT0B6CSHPepM00wQYXJpMhsd3BxSvcQ5E55p3C5LEg9KVwJGHbtTQEbnnHSqSHbQjdgGGOtOKYldiq57GrBE0bZ70hkmaLAAP\/wBekJjozz0puIEqjBBppCFYjpjg0JWYyKdBIvP4mna5UXY4\/wAVaHDAlpbQK0j3upLj2DHBX361w4qKhTbPWwNV1KqTPov4FeCpPCWkXMYuZbhnzErSsWIUnOOewwAPpXyOIrOrO6R9lRpKnG1zU8aeA9O8U2yLeRsDbzCVdpwCwzjI7gZ6VMJuOpcrPRkXhn4Yabp2iwafbQQLa2js8UIUnDMck8+p9Kudec3qyIxjHRI6GDTYrMFVjVcDHFZKQPYyvF09o2jzWtzEkocYIYZra9tibM+UfjzpUdlrkU9vxHKuCMdCDXrZfUvFxZ5uNglNSLPwc0xoYv7bmhkBcmG2kC5CccyEenQfnU46td8i+ZeBw+vtGemeB9VvTZa3puqWcMOoxRh5JY1ws3zLhsf7Qx0rzZpJp3Pdw61VzzP453kE3xAkgRSGsLKG1lH+0AWI\/DcB+Fe1gIuOHimfPZ9WVbGycTzaxl8u+VxwVkzn05rstc55Xsmj33TrqW9toLuRcboVEjKcjfjr+IGfzr0sPJygmz57GaVXYtoSe9dZyFqzwZlFSxxWp0OnQpvXeBg9aybdjpjG+5pXsEQQ+WBjHSufnbN+RW0OdnkSO83Jg4PatYvuZSTudVouo2j2IbeA2ORnmqs0RzGF4hdJp94xnPUVqtdDJ7mYOOKtR6kyZPEMYIpshMtQAM4BqJOxoo3LwjiaMqEHNZqbuaOCsVfLw5HpXQtTE19PlRYBu6iqtYpPQS9njcgAikpITuQhuOKfMSOTJOabY4k8cRIxSUimi1HBhaLiaHDg49KolIxfFUchj8yMnIrmxCbWh3YWSvZkvhfUM24ic\/MPWsKde2jKxGH6o13kLDIrqVRNXOHkd7ELSqHAwQR0NY+21sbexfLce9yCvT8c1p7JS1M+dx0JoNSmSHZCQKl0oxFzOTKWqzT3g2TYx3x3pKMbGsZSjqZTaUEcPGPfArGWFV+ZHTHGu3KzZ0uF3QJwK6YK0bHDWak7ol1C1khTcrBh3I7VomZLzMyVvfNJjZAXBOCaVwsQTPjgcVSWgEOd3ehuw7j\/ACflznioUrja0H2tlGW3tmm0HM9ieaBGwh59KLJoV2i9pdp5aEhhjFQojabPGNfH\/E+vP+vh\/wD0I15q2RtL4mVwnA4pq1yLj41HXHSqRSXUnHApjepHnJpMylZMen3uazbJHxnmrUbBYkBxTCw8MMf55ppBYUnIzRYCEknmrtoIbtJ6jrTS7FJaAAQeehp3sIkQ9h1obQMlXmkIeuc8GgBy4HSi+ghwcA804odhQ4564pgGQVoegbDLKx+3+INLjEZkkS\/heNfVg4rlxqUsPNt9GduXzaxMLdWj6RuW
n05QkKFiDk47k9a+JiforiaPhS+iujKpTYw4ZXHIpuzMWmjSuvLtY2foD2qSkjlNd1IIWIOKSWo2tDzjxXqctzOVXIXtWyMjzXxz4Zl8Q6pbK8gSGIEyHufYfX1rqo1\/ZJ23OapRVRq52fhLQpLiwW1sbOHyYE2FZNyjphSCBzj0rFz1be530aV1ZGb4\/u7XwD4XaTUZBLqMmFhjZv3k5BygI7IDySeTgCtMPSdaoktup0Vq9PCU3J6yex4Fq15PczS3l1N5txdu000h6sxOSa+kSPi7upUcmZEPUsoGaUUdUux7b4FuHufCmlyBVx5LpuUD5sN0J7kZ7124VWjZHh5hbnXc3UY9+9dyPPs7E9s2181Mn0KijTj1AxoFJye1ZNXN07DZdTuXXYJCF9PWpcEV7ToVFZixPc0WZd42J4mZV+ViPpW0V3OWTvsTCTeOTn61S0Yk0IeuatEyHxE4wOtDIsSqzjkmokuxrBsuwTt5ePXuKiEbO5cpXQoNbpmY8uQpKk9KGhR3H6FCtxdF5ydoOAB3rz5VGpHpqipQNu60pPJ8y3BHrzXXCpdanmzhaTKpgaH7wq07gtCxbkDmmVcndgqhs0DtcpyXAMmKSqK9rhKi7XRHc7Zoip5BFaSV0RB8rujHs7ZoNRXaTtLYrzqlBp3PSjiIuNmd7a2ts2nhdi5K9e9OKkjjlJXOc1JGS4KqRgGtfYpvmBVtLFaVmW3POTXQtEYv3nqV9NvCbgIe5xmsZyu7GkUlqbUyKEBohe4psiJxWyMSa1nSN\/QGhiZLqc6C2PzZyOKLjMCYnFIFYqyuc\/TpU6l6MZ5uTiqj5ksRfvcmmSWEYlMcUWGyxA+3tVNXQkOJLNnGBStoO5e0+VdhBYDjvSYPY8V8Qf8AIevT\/wBPD\/8AoRrx4bK5vL4mV4m+XBp9SGtSeEjArRMtbCykjoaYMj3c4xSM7DgxBFJJXJJFYA5pgkOLk0WDUfGxbr9Kqwh+PyqlYGhwWqWwAU54pXAQp0obEAUg+lTJAOX2NUtEA4H5qAAn0oAQHnnrTGhVbjtmhXBioQCKq4E1pcy2d9DeQOVlgcSRsOoI6VlUgqkHCWzNKNWVKoqkd1qejXNl4y8S3um6lpniX+z4pYll+VAQxIyVdSDnoehFfFVaapVJQa2Z+jUK7q04VO6ueh+DdPv7W7lvNTvoJZGjCIkKkDPckmsWrmk3c2NYnZ4NueCKz2Gjh\/EZ4YA1ohNnGanF85bvVoyZkSkLcMcZrSKTM5aPQhsLvxxYO0Fp4jS303cWjCwK0qA\/wgkUSUHqlqaRq1IR0Z5H8bL6S58VQQSTPcSJDvd5HyxJJ5Jr18BC1Ns8fGTlOd5M4+6IjtWJILOMDvivRTOKnrNW2KcPyscdSMU0dEtT174KXbP4SuLXKlVmEgB\/gOOq+h6g+orowzs5I8fHRd0dYx5I5ruW1zzh6bvWhWBXHhsn60Iq4+M88H61VtNQbHrjrjFPlIbHqce2PfrUt2HFNkqEMwxTi00Nxa3L1tbNMMgDA65qibMdJbNA3OCPUU9xWsKuD2oaGmSRj0osPmFG4nnmkIkGccVfQWxPo1yLe5IkHyMfyriqUrs76dd8p6X4N0catpzTE4jbpnvXPUq8jSMVFydzD8eWK6ddLDXXhpuSuZT3MKJxmupsEhZZMpjtSsGzKMxYP14rjlTakdsaicR0UhK46V2Qelmcc0lLQduXeDxmqdiGXo9UuFhMYIHHWo5Y7k6lRpHZiWOSfWqdguQ3LfwE8VL2GnqQ2duBLuxWbhdmnNY0jKdgBPStIpIzk2RtL2x+NPci4zzBnqaQ7Ebygt97n0pAQyjPfrQCK9whA5o0KbaIAvc0ybj0B9aYE8QOM+tJuw0rkiA+tJSK5GS5wtVdE8rG21zGxYZ6Vm5K4JNHkfiPjXrzn\/l4f\/0I15S+E3e7KkZqk77iaLED4696uwth0xOOe9MGRK2DQLccrcikybDi5
qlqOw5WNOwpMngPNBBYUgjrikwHZAPTmqjqCJI\/mxQwZJ5ec1LYhkgFNBcjcfhTQEbcDimtxgDn1qgQqnnGaQ\/MUY3YzTWwkia3i3nms5SS1No0+YfNAyDdg4oUrkyhys6HSPFPiPTdIsLfSYRMULLkoCFIOQCT7GvnMxoxWJb7n3PDzVbDKDV7aHS6B488azTRxXXhaGcM2GltbgLsH+1nj8q8+VOKW57VfD+zWrO\/e\/Z7RWcFTjkHtXI0cuxzmrzCR2weCaqIHL6\/KsaEAjca0Rk2c6JTJchVGcn1qr2IZa1VxFpxweT2pxd2LoeM\/GXT5ItZj1EoxR4gHcDIXHavZwFRWcTzcVB8111OBu5mlYDoqjAFejYinBRQ60xvBJzzQTU2PTvgm2GvI8Z3IGz29vx61rQXvHmYqKcL9Tu0+Yj3rtTPLcS5EuAKq+gJ2RFKpWU+nWqjrqZPRixtiqHcs20YkyW6VSdhpXH3cIWPcnT0rKeuxvCJBCzCTioTaZrNRaOg0aVDAEPBFbxd0YJW0Jb91K7epzVxMpWuVQPegWg+P3pi3JBzQkkDuSomRzTYAYsc9qnlGpNHb+C\/F8OlaesE5I29MVyVsM5u6NITMbxdrTazqZnK7UHCitaUPZxsOxmCUDvWgJiGQ5xTBsZIwYc0CuRb8cdqcU0yJXHx7nb5eaqT0BK7NLTrPzj8\/FcU66izpjQbVy8dLRE3bsitFWuYShZmXqduI3HPB6VqtSGQxMqjApsGxssrFuKiU0txqLaGq24ZJqk0S42I7yby4j9KTloEdWZdvfM9xt75rGE7uzNJw6mkjjgscVqzOO4bvOfYilqyU\/eNpwbWg+WwnRMlfwrXnRkoPqRwRYyGGD700wbJoEwenFN6"} +00379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":13026,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":13026,"pkt_l4_len":12992,"thread_ts_msec":1654385136563} 
+02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385136563,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7ZhAADYGaKmsaXlSwKgCfgBQtHgmuiQMUbJfToAQAOskjAAAAQEICsmhz1rytRrb\/9j\/4AAQSkZJRgABAQEAeAB4AAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIASICJgMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APvKRyGwMdB1UelMQm9v9n\/vkU7CuSBjjt+QoAXcfb8hQAbj7fkKAFDHHb8qADcfb8qADcfb8qADcfb8qAFBOO35UWC4uT7flRYLhk+35UWC4ZPt+VFguKM+35UWC4Z+n5UALn6flQAZ+n5UAVtWhW50y4gYAiSJlxjrxWNeHPSlHujWlU5KkZdmcx8J72WSwuLGbGYH3KCBkA9RXm5ZUvCVPsevnNJOUKy6o69T9Pyr1E9EeHfUXP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XAfh+VAXF\/AUBcPwFAXD8BQFw\/AUBcPwFAXD8BQFw\/AUBcPwFAXD8BQFw\/AUBcD07UBcQHnt+VFwuKenagLiZ+n5UXC4A89vyouFxfyoC4mcelAXGPMiDJKigGzH8ReKtJ0iBpLu6RcD7vVj+FUTzjvCGrLrGmLfou1ZeVDIAQM96Aua4PI6dfSgdx\/4CpHcPwFAXD8BQFzP8R3IttNlkOMbT2FY4iX7oZ4f4nk\/te7NpHLIhDE5XFfKSb7jLBkk0HSQQfMfgYIzWEm+5Ri+KPFcml6Wbt5cueQoArSg33JlI4mz+MAt70
C68z96TtJTgVvyzkY+0Ox8H3V3r9294t0fKZflHpWclLuXF8wx9Lmg1G4+2TF4C2Qx9Kz53Hqanmnxtu49KvLe+tLx1ROCobHWuvD3mtzCruP8ACnxEvrqW1WB5JPNIXBXIFazpytqRTlqdh8OtY1q1+NWmW97bFY7xiI328fdNVg7e2SudB9H6PLINTuVJXqD9wcV9KSbIdsfw\/wDfIoC4ySRicfL\/AN8igCGSWUcqF\/74H+FSy48vUjiunMhBC5Xr8g\/woKlHsTPc4jJZkA91FBBxfjr4maLoKzW8UqXV7FHv+zxKpO3OM+lRKVioxueXL8U9bvrj7Vq2qWumWjriKGBVzuyeST\/s1nds2SsfRUv3\/wAB\/KutHKwoAkHSgAoAKAHDpQAUAFABQA4dKACgAoAUdaAFoAKACgAo"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385139579,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1654385139579,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":953,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":953,"pkt_l4_len":919,"thread_ts_msec":1654385139579,"pkt":"tKXvZygQnLbQ0+MzCABFAAOrd4dAAEAGTmTAqAJ+Zx1HHomAAFCgxdnYmdL2h4AYAfZ0\/wAAAQEICoGE\/JiYFaLeR0VUIC9jLzM1LzEzMjc3PyZfaW5fYXBwPWthbmthbiZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmX3Y9Mi44LjIuMSZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9MTEmX2JyYW5kPUdvb2dsZSZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9nYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZ0PTE2NTQzODUxMzYmXz0xNjU0Mzg1MTM3OTY4Jl9jaGFubmVsPTFreHVuJl9sb2NhbGU9VVNfZW4mX2NhcnJpZXI9MzEwMjYwJl9yZXNvbHV0aW9uPTEwODAlMkMxNzk0Jl9haWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlIEhUVFAvMS4xDQpIb3N0OiByZWxlYXNlLmJpZ2RhdGEuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgsYXBwbGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KDQo="} 
+01311{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385139579,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1654385139579,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"release.bigdata.1kxun.com","url":"release.bigdata.1kxun.com\/c\/35\/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385136&_=1654385137968&_channel=1kxun&_locale=US_en&_carrier=310260&_resolution=1080%2C1794&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1654385139941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_msec":1654385139941,"pkt":"nLbQ0+MztKXvZygQCABFAAIlZ39AADYGafJnHUcewKgCfgBQiYCZ0vaHoMXdT4AYAffzugAAAQEICpgVo9OBhPyYSFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozOSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KWC1Qb3dlcmVkLUJ5OiBQSFAvNy4xLjE3DQpMb2NhdGlvbjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvZGV0YWlsP2lkPTI3MTU5JnN5dGpkdCZfaW5fYXBwPWthbmthbiZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmX3Y9Mi44LjIuMSZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9MTEmX2JyYW5kPUdvb2dsZSZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9nYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZ0PTE2NTQzODUxMzkNCg0KMA0KDQo="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140171,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"flow_min_l4_payload_len":765,"flow_max_l4_payload_len":765,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":765,"midstream":1,"thread_ts_msec":1654385140171,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":831,"pkt_l4_len":797,"thread_ts_msec":1654385140171,"pkt":"tKXvZygQnLbQ0+MzCABFAAMxxydAAEAG\/ubAqAJ+oXUNHbFEAFArm5Oyz2Zv74AYAfZ03AAAAQEICrrGE\/SXERVjR0VUIC9kZXRhaWw\/aWQ9MjcxNTkmc3l0amR0Jl9pbl9hcHA9a2Fua2FuJl91ZGlkPWU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOSZfdj0yLjguMi4xJl9wYWNrYWdlPWNvbS5zY2VuZXdheS5rYW5rYW4mX21vZGVsPXNka19ncGhvbmVfeDg2Jl9vdj0xMSZfYnJhbmQ9R29vZ2xlJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX2dhaWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlJnQ9MTY1NDM4NTEzOSBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45DQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} 
+01182{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140171,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"flow_min_l4_payload_len":765,"flow_max_l4_payload_len":765,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":765,"midstream":1,"thread_ts_msec":1654385140171,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385139","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+02409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1628,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1654385140551,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385140551,"pkt":"nLbQ0+MztKXvZygQCABFAAXUeftAADQGVXChdQ0dwKgCfgBQsUTPZm\/vK5uWr4AQAO+9VgAAAQEICpcRFhe6xhP0SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogVHVlLCAxMCBNYXkgMjAyMiAwNzoxNzo1NyBHTVQNCkVUYWc6IFcvIjYyN2ExMWE1LTFhZmQiDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjk0NQ0KH4sIAAAAAAAAA+1ZzXPjthW\/+6\/A8hBKYxIk9S3LtGfX3kkz2a\/uutN2NB4NREIyZArgkpBlxfa5nZ46PeTQe0+9Z9Imf85urv0X+gCQEuWP7qbNTJJJPR6TAB8e3jceft5\/dPzy6OT3r56iMzlP0KvfPHn22RGyXM\/7bfPI845PjtHvfnXy\/BkKsI9OMsJzJpngJPG8py+sHYSsMynTPc9bLpd42cQim3onr71LxS1Qy4tXV1bW4ljG1sHOviJSD0riA2C1P6eSgBwydenbBbsIrSPBJeXSPVml1EKRGYWWpJfSU4sHKDojWU5luJATtzdAkiY0PROchlxY3oYpJ3MaWheMLlORSSW3+VmzXLJYnoUxvWARdfXAQYyDriRx84gkNAQDOGhOLtl8Md+aArJbU4ucZpqEjGHhfZJkdEKzjGYVpUTGpoyDWcAQCePn6AyIQsuL8twjaYrheRi0+n7bQhLMUVgBZi2U0SS0crlKaH5GqSwUrzKZ5V6+ZCnNigeeM644fhSv\/UeuC0LlUcZSiUi+4hHKswhk81IyBec18FSIKey+4jGLiAoQHIl58dWDzUmcj1eGCM9y62DfM9wOXFcrXPDWXFUA5BBR6QXOxdlCc4qYXM1ywQ8ZNa6usFAGK9ZXDDMjF8TMWgdoyXgsljhKxAKeSY7CO1PX11cQR5Lxab53dePkksiFersZrFdhcAOLQ6vhN3y\/HfSbrb5V+ZouxgmLRud0FVo+bY07vd44GkfNqN0nzaAx7nf9dp9OYHHUa1Hapj06Dvx2L+4EjV43isbjSTQJSK9NSMMaoNpkwSNlytrSiZ3cSRxWv1oOk9NQ\/bm+Hp4O1AtOF\/lZ7cqeyjkGoTNp73G6RMdE0lodT6k8YXN4c+gFJNKeJpvl9k19cEEyNAljRfI0oXP4mj9ZnZDpC0iVWl4f+qfODD5HGQVWBQXMO3ESJo9COyaSPCMrmtmH9idJaO8me7Y9mGEdHqHMFhQGyp926U+Sso0HMGEqLpTUs\/wQrGrvst04GUxwSjKQ5YWIKWYcEkk+oROR0drMmdQHN\/Wa8aUTi2ihhHZs42XbqYjk2J+ePHfbjfbz1vOmXR+gdbztfDBa1rUBmSAvxX\/7BZQVnWR4Ktl8iiPu6TlPpJSDct7baJQIEtNMhT
hSBnKLiAn8oN3tNpt+MZ3RmGU0kouMhbqAqnhX9iHndE74lOigX9KxlwgoCr9++5oCLYdqUZQ7S9c7C20SaWfnnjQNbe0OW2uydoQq1SYXJZmChVXNy\/WOMNZeSSWoYG+Yb2ep0Sx2o4SBA0IrIi7Evtvq9IJu0Gp3m61mM+j0rGqpKK34PxeMe\/Xc9lROo0VGQSSoOniKYwGJSUHY6BxzKr0tJSt1RClZiQ4TyJZ+WNsbfKQBK7zvMN5m+F9KvJFWFVFU1rS1bzdlbjN1fY2uonm8h4anNwO9av0Nw7wpJ+vSU0dXmgahDVVMJ4zTN4mQNdtrBJ1Otxv0G93AK4N3lEuw9WrUbPuXbX8UBEHXdtBwCGMHtaGuIHuSLFisJjstmGt21OSw2TDfFUHMLtxpKl0S"} +02113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1629,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":1654385140556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"thread_ts_msec":1654385140556,"pkt":"nLbQ0+MztKXvZygQCABFAATlefxAADQGVl6hdQ0dwKgCfgBQsUTPZnWPK5uWr4AYAO+qDAAAAQEICpcRFhe6xhP0u0Gn2Wk3A7\/T7fd6rm\/XMYnjNyZsaxuxjL9r9brRqipx+QlDnkIovIEin9DX0GNAPtf+E30kkoSkOX06T+XqmF3k91EXTIs8Kimgwir3lOecejeF6qflqjHhnGZ3XLXllrXbPuChwO81Gv7\/PZRAGwvHww+UTBz6qQs6gsoPnkrW2bRJoTJtIINa\/b6Dgk5fZdPahfenU9Dst3o\/X2dtHXa6izQzCLFJTbWBYoJYfnQOJy8KQ2SVFc2CiqYKfUmt6R8VlFA8bn1EqFZpXTf1tDoJFXV4Wi\/6sG3eqiibCjUi8cicl3vowQPTubvaFJeROjZHCfRwCTDK95Dqr24TQ8XZnrqpDiuDdVFS37fbhi1Lqg5xXV9B9827OkRutnZbf1NxX6XVY22ih+nvHjpVyUsTqqT6yZ89Dwn+gSPog8vuO4keWnTnQKoSFlGyToAtx\/2QjvhxTpaqqtXA+eXZ\/0c\/N34urjBHwa2i6BlQykBS5a1LX7oAVdqXTCb04Ltv\/\/7+L1\/ue2a0sw89K1L4AFz6VOsPQyAtJyu3EKLAr3U\/WEVzKqCFuSB4nslPrO6Y7szc0iqsvIj4NIppYxtV2Sl23ynK+04JkGiABas73gy632zlBjiAXw0HbeEyD66AjQRP3QZuYf\/7LEvIFyt1O\/7AGlsLdxerguuoMZStwb+NoSq31C2ZtxgZZTE04NDQ51KkhRQfwfPdN3979\/WfvvvyD++++er9n\/\/4\/h9fvfv6n\/\/69q8xBY\/ElEcrlyQJWGVHx7vp8QvngZnvkBWI28eqYSlfTcZuHp8rF38\/G+jFgPvEIsPjBY8TCjwOg04LOr9ur9v6CHZbNtX8ILrhKm1APoUirjn2ABWrXnm3Ym59\/xcMgCYcnF8uOJ6LsUaBQDlPz4wMwwe5eFUt2uru2W8GD1N7MoKAW9JYJEKca4QDrAmwSmHNDcABebK5nT0qm0UE0BuKHSTLa\/ASn7BzKc4fAwC+gktu\/nI8AxgnlBpNk\/ItYHNSAXTSAHQwgwHUPhNxHg4t1cRZjgVIeHQOTwbRI9lkpV45QHccUBh4j+l4MYWn4OrPZKJfI7
UQkLhYUZOEEUU5zcQihac5749ARabIYparW24xPnWUEABtPubxsUKdw1K7mnRo\/UoO6elmCsamB4BZsBcHP9ceZxlZ4TQTUqjGGufgfooBE09qJJtqEC53\/Hq9DlgpIHU11Tay0B+w\/Yr6OKF8Ks8GbHe3fkugGoy1kIWlhuy0PlA0pVU24sn6VbkDDRXJiBWmdjjsyO\/bkd+zI93aj8N+mQbYEL3RX1Sh2uxKHV6\/MlptwLoyArDUEaGDiwU97qXskiaehltzlbJalRErxAWY2WwBkoPhh8Y9eoBHi5Dp7UcQUUo5uaHWbtotkV1DJQyV2FAJxZOrsQ5IEZYo6S0Y1zLBbtUHAt+PmTuiQHIf+fCqjg22ax1C3qgDbpfuWp8kbAxvJvLJZqN74eT1foAqD8iDEK9wSB1AKY04KQMoN9Tsox6k+ecnR\/7Lz5uPX79qfxY8\/xQw3TWVSiuDutyU4DAq9QYkCRgp6vX5rs5E\/c+jg51\/A9YbBkX9GgAADQowDQoNCg=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140779,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":443,"flow_avg_l4_payload_len":443,"midstream":1,"thread_ts_msec":1654385140779,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1654385140779,"pkt":"tKXvZygQnLbQ0+MzCABFAAHvAsFAAEAGxI\/AqAJ+oXUNHbFMAFBD8y8ewu06rIAYAfZzmgAAAQEICrrGFlSXERfAR0VUIC9qcy9zd2lwZXIvc3dpcGVyLm1pbi5jc3MgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogdGV4dC9jc3MsKi8qO3E9MC4xDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KDQo="} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140779,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":443,"flow_avg_l4_payload_len":443,"midstream":1,"thread_ts_msec":1654385140779,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/swiper\/swiper.min.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140794,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385140794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01038{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_msec":1654385140794,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEGNAAEAGtwDAqAJ+oXUNHbFWAFBjG+nbqUorjYAYAfZzhwAAAQEICrrGFmOXERfRR0VUIC9qcy9kZXBlbmRlbmN5LWFsbC5qcyBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140794,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385140794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/dependency-all.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140824,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":1,"thread_ts_msec":1654385140824,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01026{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_msec":1654385140824,"pkt":"tKXvZygQnLbQ0+MzCABFAAHUlAtAAEAGM2DAqAJ+oXUNHbFmAFDqwyBTbdxR+IAYAfZzfwAAAQEICrrGFoGXERfuR0VUIC9qcy9mYi1zZGsuanMgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogKi8qDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KDQo="} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140824,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":1,"thread_ts_msec":1654385140824,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/fb-sdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140835,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":434,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":434,"midstream":1,"thread_ts_msec":1654385140835,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_msec":1654385140835,"pkt":"tKXvZygQnLbQ0+MzCABFAAHm88RAAEAG05TAqAJ+oXUNHbFoAFBS0EalvQnYUYAYAfZzkQAAAQEICrrGFoyXERf6R0VUIC9qcy92ZW5kb3IuYnVuZGxlLmpzPzE2NDQ4MDc4NzQgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogKi8qDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KDQo="} 
+00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140835,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":434,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":434,"midstream":1,"thread_ts_msec":1654385140835,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/vendor.bundle.js?1644807874","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140836,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":436,"midstream":1,"thread_ts_msec":1654385140836,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01055{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"thread_ts_msec":1654385140836,"pkt":"tKXvZygQnLbQ0+MzCABFAAHoPA1AAEAGi0rAqAJ+oXUNHbFuAFD4VTA0r32OCIAYAfZzkwAAAQEICrrGFo2XERf6R0VUIC9qcy9hcHBsaWNhdGlvbi5taW4uanM\/MTY0NDgwODIwMCBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140836,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":436,"midstream":1,"thread_ts_msec":1654385140836,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140850,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":414,"midstream":1,"thread_ts_msec":1654385140850,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01022{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1654385140850,"pkt":"tKXvZygQnLbQ0+MzCABFAAHSWjRAAEAGbTnAqAJ+oXUNHbFwAFDyLD7Q6DFyGoAYAfZzfQAAAQEICrrGFpuXERgHR0VUIC9qcy93ZWJzZGsuanMgSFRUUC8xLjENCkhvc3Q6IHRjYWQud2Vkb2xvb2suY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} 
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140850,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":414,"midstream":1,"thread_ts_msec":1654385140850,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"tcad.wedolook.com","url":"tcad.wedolook.com\/js\/websdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1654385140963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1363,"pkt_l4_len":1329,"thread_ts_msec":1654385140963,"pkt":"nLbQ0+MztKXvZygQCABFAAVFItxAADQGrR6hdQ0dwKgCfgBQsUzC7TqsQ\/Mw2YAYAOvLegAAAQEICpcRGHq6xhZUSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9jc3MNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogVy8iNWY4OTQ3OGUtYzJlIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTo0MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KDQozYmYNCh+LCAAAAAAAAAO1Vm1v2zYQ\/mz9ivvSpTMkS0kLrFCQAe1eiqApECzFin1kJMoiIpMCSUW2i\/z33VEvlj1JGZbOH+KYvHv48Lnj3YVLD5ZwV4uSa7hY\/bSK6PdndS8KDl
ZVSQ6mECluMplCptmG10o\/QC1sDjnTac00B5YkvOCaWZ6C1UwaYYWSBqEILbe2jMOwruuVSJlcc61WlQkbXPx2h4et8S+q3Gmxzi1cROdRgH\/e+vBnwVKxERo+4ZEF25QiFYT8Jecgfu0hZw5r0W9EwqVBlpWkO328vYEf4PP1l3b7D7wFo20lY3hfrStj4U3kE5W33jL0wiVcvezjfWBGJJ3gd3ZXcAPeyzCvrpDaqpExSJS0TEi83DdvsWF6LWQcAausuvQWpWoiE2teMCseOa6pR66zQtVxLtKUS1wJan7\/IGxwz5KHjCU8eBRGYEIIuxsYbdT+OQvzjIGa3589H0Pxu9iCyuCrYwtZIZIHroVcA8qx2AcCQ7yNzy+9p16cWrOSEh2lGZOiFqnN4\/MoejVQ4ZDPQakVeqMKnUJuL1N640PBM+vjiynHXdMKXwe+iTgypwbkHzskjAl\/k76Oyq0f+dGPp4buUQUWH4JcB1klEwdICYuWGDaKyCjbfmOEar\/XoJ\/w7HdnSfZWzzFU4\/za5RF2Rw4n3AZek\/Id+U8oF4wCNVEotxQF0taMU+\/WR7h3W+PCtnjzuh4dOkHfW4zFfCIzB6bHavb2U1IOPMeJDOqG2gZG7DFLY6ByxCXWErWldKZMwX8ntid3Di8405wjSsrhZ+hK3uBVHz3M8WwEejCBqmzHZ+Zmx7az0TgynU27oeW\/PLut49AV8oMerolSPcMSzmzsyhBdrCvhk1r\/91BQF7z+7TyCr1hhVW3gNleSwzuqx9jMBr2oLt8FudJiTz2pIJbuHdFUEbCmekHJZLA7qtHohC3JimTOBbPpyfse\/fgvVWlIsNGrDRjXjn3IOc40O1WB5DTQKDAlT0S2c9nsmuuZcfOQU\/\/MeJjt3Ph4F+y2rsz7wG2y+t\/6OkbgrqXUjG7I5w45xKS+twiXTSe7iLCVYDbknAaqGLCz4W80GcmfISQNfGYIiRWwwyQQao8DzFcjkC6+j5xi3iPj3ENRx9Uma0luVySoX59yaoYOHEJPENwsgsv\/gFh4CIFnvXCW8m77IEIznn3PKB4yJMB5zeJ03V6PpNjzQQbBfWUtjaHL0N2sK3aNgifeLhcO8jauTTo3AEN5WwUnIDp9RzH+Bl7SBF8uDAAADQowDQoNCg=="} 
+02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1654385140978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385140978,"pkt":"nLbQ0+MztKXvZygQCABFAAXUMwZAADQGnGWhdQ0dwKgCfgBQsVapSiuNYxvrg4AQAOsJXgAAAQEICpcRGIq6xhZjSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMTYgT2N0IDIwMjAgMDc6MTE6MTAgR01UDQpFVGFnOiBXLyI1Zjg5NDc4ZS0yM2UzNyINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjU6NDAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KNjAwYQ0KH4sIAAAAAAAAA9y9aXcjx7Gu+33\/ChLWpoBGkU22JJ9tsItYUqtlydZkdduSNwh5YSgMJAiQANiDCPq3n+eNHCoLBCV7n3PXvetqIGrIyjEy5oj8j6dP9vcu\/nJbLN\/vvTk5OuG\/vc1efdDYe3Z8\/EnG35OPw\/svFrfzYW89Xcyzva\/mgyMKXtzoy6PFcvx0Nh0U81Wx9+Tpf+yPbucDlav3sn7jrrboXxSDdS3P1++vi8Vo72oxvJ0VBwePvDgq3l0vlutV25ULt3nvaLgY3F4V83W7T837x41W2VDjbjqq75dFGuvJcvF2b1683Xu5XC6W9Zof5bK4uZ0ui9Veb+\/tdD6kzNvpesJdqLzWOF0W69vlfI9WGvct+1uvMfZiNJ0Xw9p+GIf7vu1+WuvJdJWVHdLI3\/SWe4O8082G+eBopRnKCq4Gi\/mgt85GXF7fribZmAu6Urz7bpRN8rv7bJpPjtaLV+vldD7OLriZ9FbfvZ1\/v1xcF8v1++xShWZ5zS1YLbvKq+36\/mvwV0ejOZVP17YW99k8f\/pz53x1fvvFyy++OH\/36XG3udm6\/+DpOFtQ7PBqdfg0u86fHtY758Pe4S\/dxtPxNLvZ3VifHv\/1mv696K2KeuP+VC3nV0fXy8V6oYXP7xy0tGYZE7BaL28H68WydZWtihngwWWtls2K+Xg9aR1n68Wny2XvfbnCjTs\/quHRoDeb1TXdjftsXKzLMr1YaH47m+3nvfbxWa+tkp1eUz9Hrv6uLVan121VK9NqvFr3BpeVKrWKfUZyVSzHhbWrFQwDqDeyXgkxDLd4853Be24A0VfZdfFubbfhJuvfZ0VvMEnaEbz4EV4d6Z21lGkH3WdXveukaCxoQ4qdrtPF3rX7LMJDPxvE4j03czxSpQ3qNZgsa44ltyoeHvWur2fvfY+WY9uEK1Uwmi5XyQJUKyhu6seUmfV+tcjhCWWKm7IXrKKb8mTFskHe7DXrWs5+6zjO91Y\/B2f58cFB\/2zQ7uhNZ9DttjpdVT8flvVXO1ku2GZj1aVr
KzDic01xa5StwEotNjI\/2epa21l3dsESgafWtAOgsOP8dVwGNyQWk7kfZkU2YtP3wkR2jrubDTt6kp+w9eNjD6wggP2T05FQWH+xmBW9eYlJxwcH9Yt8XKls4itrNhvZAww73myujqarLwKCHjc2m\/oYdNKg9TyfUt\/YAe7k8LBxOj2bnE6oCNzqdlS9KPvXmXQbDfVruDed7xWNXj7uDLusVKGf8X6eD9S9gwP9qNXvZ73p3G0OKAwNa1dNV7bRedBotOt9\/mO44MbewUH5stdo97SSrfg8rcveMn9qnhrd3NcvmGQqbb1ZTId7x743VoSnAcWPy4Wr30F3elCElicVtWZ91vymt54cLfX4qt5oHC2L61lvUNSfnn8OlqzVGtl09UPRG75v7R9nhQhNCWfA8TYRgp5k"} +02437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1654385140978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385140978,"pkt":"nLbQ0+MztKXvZygQCABFAAXUMwdAADQGnGShdQ0dwKgCfgBQsVapSjEtYxvrg4AQAOu7rQAAAQEICpcRGIq6xhZj88Ui2cwNofu4HpWPHTaoBRhi1RmcMKnIEh85BGl\/wyxuNqE0ZTw6qfWESB98\/aMRvx0N7nnceXDQy6G5jrqpvW\/Z9svpYMcn++lK8d3hdW+5Kr6YLXqQnQabUp+\/vLpev3erX6nC9rrBd19w1Gu4cQPz\/sK+TtZ7x9dG+zebAO4sdpypzaZ3NF8Mi9dMnAN+N3I6Vra0Xr4X\/wCCLBH7wcH+hUOYvayWPK81kjfpByWpy2oAe6B7341qZUv3EH5Qe8TJ+yf3tHt5tHg7\/xo0adupMg17sQ\/9RjpJAYAddAMa\/c0mKXqfCVAqM+WJi1aXdW33mrVaK0xYZM16TGIAoRLN9NqTztTPRQP0Ej5rqREYuh57b7bo92Yv3\/RmZaNQtL52MXzMVb3PtDHBxbti8GqwnF6vE1ilIG\/4Nsy3yBNf3GeD3lUxE0dR1hoBe68Xt+Miq8Gs1Mr9eZ3d2FYbFt9SQ\/JxQmYdXOg9IGswomvYmK8XbwMbo4mtPtlBuEViBcUg9vxYqCtg7nG+BMxOWWFK8HfcuBO+PB2dFaeFQ6tD6nfEtdcpQJ4NeMUcDNjoL4ve5X0xg6XWN4XbG1Tyr3zxeFvGO1lTRaaff629X\/8qwCJgoKVOZjvgIMMpgjpgri7IK1dqLiwqDueycAgtgJ8THjSvAwF3pxuaifipvqx7asJebgcGbZDV4M3gnFP4Fa\/Xg3w4ABvAsjWyAVhp\/rDNuJpaNyDT5tJvnrH7vg9bNnDbUavhmEoI3wB+c9A2knHVe1c\/zobNQaM1aB2fDs8GpwO34gOtJPuiD3vCUgd8tze4d40cnjAbYjWTeRTUuploxuaGwBrU2Ld++nYynRX1wdmwwbI2m9283xnyY8An4tdwBSI15HV3q6gfZKgyB0LY2JC8Sk80P4LIAPGINyO6Aj8TJmKS7w9Ox2ej0xEjHub7SFCdEaWANXoyOTgoTO6xp5ESF4KBhy25Vh40oH0FrwRQsDwTQ5tJi6FBbScHLcODg6lrdNg4jZtq5DYVa+h7+MgHfmIKv1MZ8RSQHd9Oh62TDAHnXSKnmMhrayU2z8PsA4hk\/esgik6\
/m\/XzXtbLmRwR0S8CYwZPUx\/kXjyJLGH2rMGaxx0St1fP94x9Ih42CzJmfbsCmCwQ2JG6znolPyKNum02syLwTOJV3pZrH1prSq78vLdmxVa31xLVW5fwj15qqX3mmNQ92IV+sdxzUuxeGNiebTj7fO+HYvzy3fWe28NOTK8ZP72u1\/ZgreI4bU4nnVpnYZLVXq3Zb9a6NWB8CzezJ\/0E7glCvBwRAXNQsgVhYUJ58UeDLf6gvX\/SOtEWjQwEu7a9f9wqWSo+OaYE816b23hLpKMtfiZx5PDEwOxeQLEqFy90r5QIskk2zS6yy2yWXWXzbJFBxbJltsrW2W1eW01\/+WVW1JqHYfqzN\/QsaC2yt+zBd\/z\/Ph\/3kUl\/cT+fup\/PkmZTCqiuA4mzHGVKBp\/1Ik\/0HNnn+cnz5x+dZC+RD7ZVEF9IrfHH\/Iuj68V19qV+pcn4Klz8iQun8PgzV165kVB8Bh9wSJ9OD5x07BDp6eCsf9p3yNLEuH5Xi+C5tb2+Xzrhya\/z2mBSDC6L4cZpEbjord7PB5ve7XoxQl20siuY9vcbCeLLxWy1QZFTLDfD6arXn\/HBZDocFvPNdAX+2czgzjdXt7P19HpWbNC3zDcQ4uFiPnvPhamOaGvAi2Et+yavdc7P3z07Pj9fn58vz8\/n5+ejbi37Nq\/V261z\/jlCuXL+9rC76fxMwePjQ\/72jruNZi37Lv828i+1t7Ws9vZ3wPz3ee38vFNrftOsPanXmt82aw2q8vedJz9\/sNn\/Z7edN\/yTduvDetkUbZyff9htPGl8uDmvbb84r+nNeW1Dvd9Rb2Pjazk\/p89\/ySHNscHz"} +01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1654385141007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":758,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":758,"pkt_l4_len":724,"thread_ts_msec":1654385141007,"pkt":"nLbQ0+MztKXvZygQCABFAALoSV1AADQGiPqhdQ0dwKgCfgBQsWZt3FH46sMh84AYAOt5XAAAAQEICpcRGKa6xhaBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMTYgT2N0IDIwMjAgMDc6MTE6MTAgR01UDQpFVGFnOiBXLyI1Zjg5NDc4ZS0xZDkiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjE1NA0KH4sIAAAAAAAAA02Qy2rDMBBF9\/kKkY1lcOW8W2K6iCGFbEKhTTelFEUau3ISyUiy0xDy7x2l7mMj5nnuXB2VlubIiu3CnbRYaeXJPSkaLbwymsbk3CPkIWcKGzTEhPC6XskQEDIn0Ww4uRveDqbT2WQ2GI+i5DojjNkp6Ga8beC7\/FlsD\/trFVf\/yi1Yh2qhgcR2z
EYRUi5xhi9qL+p62YL2ju1N+chLeFFwpNi9ZL0e\/b1VJsQlRMn4jGstt6TCtKgc+pGsBL\/cwyFQ8tMzL9f8ANTFr4O3IKIKQv\/P5KeVpEhC+xZ8Y3V2wakOJSxwDx0NGRk2mJIoo2SAYeaswLT\/4X3t5mkqjNYgPCu4gC3+DNPgU9Dvm6fUyR2rXD\/s4ams5hZPXBsJ+OMOrM+hMBZoZyV4ptKIJhhJSOSEVbWPMPpB31QOkVEcZ1+K5mSs2QEAAA0KMA0KDQo="} +02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1652,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1654385141021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385141021,"pkt":"nLbQ0+MztKXvZygQCABFAAXUlr5AADQGOK2hdQ0dwKgCfgBQsW6vfZ7o+FUx6IAQAOt7dgAAAQEICpcRGLO6xhaNHCwI16MrW77BnSuFmzoykUoRY8lU4Y9BxcNRoFb0Nbq9knEDoYSbOgMHRrfnqOX3O+WBrjxffQX3ReCDHd0huHxstQ1Cl\/qCI3JJYcSFoSljElAiEYABMWaZUpwIs4TWVvNRU0E04f1s4mMZAPH8ZJv5kyEw4gxQnp7DyGbCSAzEhQ5WUtEp01gvCvJqkcZxoD1kB06PnkkrzDYXJQ1MGeJC6VFSWBTzBI5Z\/t3F+8naQaVSej\/ZftVcv7yv6uvTr8ukGGw01mXvTeuoCfsSOEbkIIlD7bAu9Acq\/qe\/\/9tf\/vWf\/uMv\/\/DzX\/zjf\/7d73\/563\/\/+ff\/hj0vun\/547\/86W\/+Yb77GfUjZ9IbTlBLryo\/\/9U\/\/\/KHPyo4YDi9BWaPWNxINPA8fGxGZ7Ly\/JDCsRwhxAvaM\/YA7tqsMUg+6kiqQORpMzNKot+7rlaqj0ywsK5nZSWXoBx4yLtHs0A1l1MExo6hxy1Y+6cwLT5PmWU5lzTJcMbDYoWUtJEK6o\/8CNXxauRGQ0cX327o3cirwlH6GNFTjT\/FQUFu+D02rEOW1fzNC6TxCmRspFbl5W+KvIPl9kxlJpEnpfhE0oul+9LkWYknx7owSteNNIW2KSX+thqUDaQMFsv9FVgu6+WLMsh50uyUzosn30zQrKOV8NJfnjorMfQlpB3jBuovbdAQKf0mZf4E8bdX8MnmJCHlCzeBIc75UTYvkwSkhvkc4Gx6j9Cz1SsqnHNlRu6WbaMag6X\/qkQxl+sgsO4aEiWUuZyfTPDf9aPIHyEhCyCaT+jJ7IwzKtAh5VEKYv37uP9EdZIkYgSU3iX5Ct6pHjTN9AbOECnmGwjuRTi2vATBTJqVpULrVSR8UYLi2oWvnC36N4eLRPWsLkAnKG1hCyovNCdpm+gQNK3Ss7werCGrELRCooVpRJUaSEDJtiERERNCK+O1yZFU9f+tpLipmZNUos7xA31tQvlpFJ7hJogMtSrZG\/7BjdRA2gc7bLCquzRTwmvpJTiAcI8TcaZcJLU8JLE1pEHp8d6mkiSV0txWpNM3dogujMbcYlr6h5BVLCXtO1Rvtk8jkiaWc63H7cyFxW0g9Vk9vcfOCtUzvSJcXVET+wKt4ryhsc0Am1stFnslTwBoBq8eRFlr0eP37hgejifz5D9GKMJ1rm3rjoqoT+Ft4tMGXWn74uFs4oB+anrn2Chr489nV6hJ44+vApc
\/nOLjzoAeedFxBMzYq65n3lfrCr670Wt1BV836qt1JcCfWtwqmmuifZW3p+QhhBBdEXGg4VvLm1j4YlBXXjndQDy2qUYbTc1xgFJ10M7I\/RZFeDRiMiTw5mQwIRqUUwcxACoLw\/NxL\/L50xFy4KJxH1+PsUfORt+8t+VqKiE\/uqz1jQ+qpte0qb6fA9E3hqoW+50VHY6n\/iEHjGsHFRkzlQDUMAeKhBkv00XfuFW1y6l+lAPI+orVqX6a05ksCVCA9Mud2Ya6El0pU\/02Z6xMJ6o3p\/qneSCUo5Gql2JFFu\/E3CukH39EHhffpinlahk7VCtvbaw56y9fVqb6OxkXqSWSH8YnCLdrrm6sFfvGoaqVLKawnl3TUViuPmkOLlaQ+\/CwqZWq5B93X5g1hLtn2OH96Cp1ky1V5RsGYyw2xrNfmmuIcr40N0oegoSgJClDlPClnJaqxGutvApuxcWHFS+qyjtFb6Mk02DlQioQEaG8xLJM+XGRexW6Vi0C5IW5uqNaRUxc3qyrVkndJCLwopEEp1P9lSxDMZLWl28frDhK\/KA0oxwwrszoZ8rczoHoG69mlRmlWWnYQ8yXShX2I7rCYkMTIxmQFtejdYApy4HGTQw1qQJbbYuvfLIO3kp1ZcV7sfXw8EzFM64z3svNBHxVLJgYvcqkcjg7OSIBxo8IE3CoZ+rdyiqlP+6e"} +02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1654385141022,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1421,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1421,"pkt_l4_len":1387,"thread_ts_msec":1654385141022,"pkt":"nLbQ0+MztKXvZygQCABFAAV\/lr9AADQGOQGhdQ0dwKgCfgBQsW6vfaSI+FUx6IAYAOsf5wAAAQEICpcRGLO6xhaNww8lvHfP1yoVTdup1qGXP8qj53hMV3qq381D5uoEs94his4dlQyHNT+skIrlDVX+IlpUre4o45FSV6wRdmczZ0zfQN7NiPxzHJAiez3Vd2VAErzf75sSVaRwn3zPOe73EdfAYm1UtG82+Ne90ZVzily1Z4fSMgl6WCVtMSWz7XpwrkAoBkvNYjzwYl62d7soAjSZ4sMrxBcn6SSwBcYaCxsRzEvaA\/RQMvHEdi1eXlRYWzFuE+XGBBcfiKZZZTCofqooReqhwbmAtRhQwInVpTFTfSBLbm7dhRieV2sPD9XaVH\/9FOipfpUDxnceaqbZznuzACIVtZiaQbtLoZOFYfDhUvhkxRj8sQzPfAWTyGXrB4\/6EUUqb6DQGrsIASeSf0r+rMbh2weUfZaUYsQ\/bsBLkV6EyLESJ7NEHGP\/Hif7t3Asn7BFbJFi0rLKuOjJCAReZgGKNG\/fGNGJxJ5wHy8qZ9RGhotQ9Q03eYJ64\/2ETr7zHJSSOc+yq2rMosPdiidnbmIad7t4\/\/5yR72wSp+apT+\/1BCES+xqpPO6\/+iZiQeMN0NmC+lr8f5FiE+vqI2eQFYcdQGMmAl\/ZC+V51WanjW8w90f\/Nyn7rGrh7qvD\/RAt\/QRXM0L5TXLwiTQx90P+PUF5dIMGu5FcGnS\/x4eEkqBi1qMn1iH8RM+B7nU+Kdg+JSVfS0RQnIMZmhWv4lP74ZlhkYvUxzsa\/oIjTgQRblwuHt3Zg2OEAFTfe2ictmwDCu883r4NQDLCIOeSXW7KGpCrcER0q8IT6HuKNp
14I\/jAwywg7AwD6rrcemjrtCvKYzJHyyXb29vRc6pZMXCYRmf9O0DfSg4oCqLgYXPghi9aDlvljZWK9XN7fXVUnUDDVRnK4DoKwC0jPE5EkvKSNcF3Mx3+W9sqOK3NvhVAUW74t1cFt0Rv9nBLSbHFX+LlhkaF+xIgSExVBdTFVk5GMrr1HR6+B\/p5QYJ7f8F1OZRWYqll6X2iP0gifg8\/EhFyTo7+4a2t1Ss2Z84YdL1nirX7FgUm6DKTojV00qeLFLodixSTpxgZCl9jyy72PPJtIlsYrtAH9bCJYq3LGr5bJa5FL9WoN5SHSDf5jplRLR7+rgEiYOlVGV+4kVYfD5SFI2S\/HExsMx7VtJB2Omkvqc2Q6QLTH57xbdDUiO3IBJl3MyR\/eNI4Cwy+BsqRM6iYE1LEawKBCLPmkUhGpciWRNIQqr+z8Uk9+Sg48Y7EZNUpinWgEk1kZtgH7W+srAQhE5yRQhEZ7o+Q7gz3wLLaGa\/Bpb78CVwvJTI8ZumtGhSe5YsIxwzT9jVq\/EnwFMZpzHxwiu3H8m6iX1EGp1RgRl5cGXIkcZnakmeJLhWzXwVzWhmPZ8lBY5rkQx471MkAB2ekUCsgzkyiLsyGvG4oufJIR6RJwnR91myiPEtkkbc\/xR5YDvOyEPefnnbJNOfkYzck7NxmXHNfjzPlCEzLE9GMsBnCUoeuHD\/ZIDyRTZd5idkrDqvHMdhgJSC27+jjz4teAnJYdLvtvDVAVxKUb3Q7zbJRaPGNIqp3b\/ahXcGuHsEclt2Xalt1VYra9Xa1tZ2pbIBD+pjvzsa1imLqIvavrpyUzO2FcRoMbg5HrMfnArpy1P6panvkYiC79tIPVkbniyVcJEx\/RDq\/Q+haec7kyFzJqEpcv\/uHfJyGB9HFaZsfNZDDbXGh9CAkXNteiAXFG4kLsseXGSjj2w6K93xnKiMX5I7Py2H9jW+AFUaIGaho8ppJV81x0mNcZY+hMCFUoc\/+y\/qLnGNmk8AAA0KMA0KDQo="} +00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385140836,"flow_last_seen":1654385141022,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3231,"flow_avg_l4_payload_len":1077,"midstream":1,"thread_ts_msec":1654385141022,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 
Mobile Safari\/537.36"}} +04379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1654385141023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_msec":1654385141023,"pkt":"nLbQ0+MztKXvZygQCABFAAt0wP9AADQGCMyhdQ0dwKgCfgBQsWi9CdhRUtBIV4AQAOt9HwAAAQEICpcRGLS6xhaMSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMzEgRGVjIDIwMjEgMDU6NDY6MDEgR01UDQpFVGFnOiBXLyI2MWNlOTkxOS0yZWRhMiINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjU6NDAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KNjAwYQ0KH4sIAAAAAAAAA+y9a3cbR5L3+f75FBB6Vg2MIIikLrZBo3lkihprW7cVKXt6aQ0bBIokWmAVGihQ4pD87vv7R14qCwAluZ+Z2d5z1sdHRGVl5TUyMu5x52SRD8txkbey9lX43ShbeftqfNKaHeYf2rOsXMzyhn53s8\/TYlbOty8Gs0bRV1H\/ypf1rm4641Ev70yKwSgb9e5s3mz7TzN9OhxMJq0itNApOtXvss2D+6x\/Z6N6caNu8v6ncT4qPnU\/ZcfTwfDj\/zkv8un2mrJ+GH5r3BkwmWLW0veLzrwz7G90Jv3DD9vDH8fdSZaflmfbw3v32vP++HD4oVMczj\/cvTvpThfzs+5gOp1ctiZWyLh41d\/YVmOLxjhv0LAanfYHh4sP2\/NP43J41iovp1lx0pi2r4aDedYsjv+WDctmL6NKNajSfZn3y+58Mh5mrc12Z9YvDzc+hGWK4y9ZnXH7KjucffDDKc\/G886hlbOSRT4caIvaNzetaXv7eJYNPm5b16EJ3\/nUvxtlJ4PFpHQjyg6nH25uNKP87t3cFmt7ElalPenOz8YnZavtNixfTCadsr0NMAwYagUMGyxLp2xttG8MGGZ9tr\/oX230NuK2l92smn7WcSC10e\/3i8MstpSv9HNRjEeNjTu+muraxjDf7Wwyz65U0geifL+jYrg4z\/Kye5qVe5NMP+c\/XR4MTl8PzrNW8ywbjJptht4Z92PVIStWZr52qzkfzsbTssksu9rKfrPMPpcP\/ja4GPg3nXF3eDaYzbOy31yUJ\/e\/b1IymF\/mQ8HruDufDdnW6b1m8152r9k9XuSjSdb927zZmWkDs3y0ezaejFpjdqxTds\/7Gf8O+zP+nfabTbeOrbB5dhQ99JYCuqzN8r8xqOpOZ0VZaJTds8H8zaf87ayYZrPy0i0j7bbbdajMDssPHjBDB81eAjIVtJZfhVbaYiVXAZZuO0X7yibL4XHQaoVL0GqDWQFKOs4O9erDTcAYN63DMNqWGgJ48tZWu5O3
Njd+0J+H+uc7SrKAUvp56\/HDrfZNp7P8ZXMxzxrzcjbmVG6n9b97SPUv1g4vGzPtShjd3btZ9+gom78qRotJtpP1rpr+iHHwbm7K5KUApOyCJ87eFYsy48R3zwcgjbeD8ozf+4ZB9KMclONhrFP\/wft32Wg8A63wky0\/n+rHq+y8mF36qu7YeMyct548fNQG5Getot0ZsDRPHj5udxY8D9qduT0\/aYMXZ615G9TI2j4GH015nrQ7Jzxvam1HPJ+0O2dW\/7t254Lns3bn3J6\/b3cueT5vd06tPjtyzPNpu3Nk79mmXZ6P2ttLIx13\/WKxMH4ui6QoznSYFmrx+tPlkll\/lBTV1vAifeFW+TIpqjbhOClN9mk3FH8NoFIQEaR2Zh0uoA73jt2hRYvr7Q7Ao3tjKETqdgo8WLaH\/Tz71NibzTjuzVfjfHwyzkaN7PMwm+pSbhTD4WI2y0bbDYFweZY18iK\/fx4qjrKLRpZfjGdFLrzXAKlbpROwdiNTq43zbD4fnGaNQT5qDEajsZodTBpn2WRKrcanwSwf56fzLtjPsKtGyVWZzOIDYLGxnY607M6y6WTAHfbg\/5g\/OK1OUDwhk8PpvXsfbtqAWDcHD\/ebL3JaHg8Y5C\/jYgKsF3nzpjybFZ8aw+7JjDrzg+JtMe1vdoY3dvEXyeXRvrpJDu6MLfnKKdc0ZoDhow3u8P4s+bion\/j2VQ07xM10BFHAwv3B7NRumbm\/KO9vdvJ+tWPvssGw9Cv+B7sEthsX4\/m4bJyV5bT34MEJq3VcFB+7p2CCxXF3XDzgDhqWD7iT5g9sq+6PsmExymbds\/J8sjMO69WnOQiFje3Zj+X2DKIlv9dv3mU888MPepfro\/fvXuyCFIocKGjFsR7O7m1+aG\/rgzpoBKAAPr4ZriqYmn8dmAIaisDN5e02u\/gCPED51SGhuEmwtTY9bI\/uhC\/uHMdMpAuHLLu+jgcua7tB6NAdcIf6g+ev1sF8Pj7NG8NBnhdl4zjj12TCcRRSaKi1htYrB3mN8wyiItBt7nPuh5swPG6L9lU5uxQNfafWuieg7mzaCmV2\/Pe5mfLTVnNwPBQNctLKDh+ztaOs2Wk+bjIF3wIETnLhi7yZ02lFldFoIHpLkWM5QJP\/uMk\/QE152Dxq3nNdscrF+S4EzS6gA131oZ\/bcGZf6qlsc3FNa0SKvw5LCLIbG3hzY3Pr4aPHT777\/ocmBNys+7dinLeazXZ92tCJgUjUpFnQ07Px3z5OzvNi+vfZvGx259PJuNSHXWa0N4DGDkura9gowOym3Vn\/dbViH7PLeSCc3O62RKa223FgN1DStA617SYD1+KRz9pF3788Py4mcy5W\/\/o2cow7d6UGdY1UezHfy0Ems8HxJEsQEzCz479xY+1Vcxa0h72d6WoBtWW6vzdhaeJ5D0S8WJursJkJOhiCDEIrExGWszaErfiyWWfSvnu3NT+cfICrm1APMISiW\/SL1qz6SBfB9MdF6Acc3x6EBhawFa4N\/VIz9heK14PJHNp36QiLrFuPfiG3NGf\/6abOcTcHWnVqRX1xFp6WnJtjyAJIEt77U1S2r6+\/X6muT38ZTBYZb5oNw7z3ReT3Gs175b1mo\/mtH2VQXpfxq+rAF4LLsLbldslwj2bQ\/RmXd8TM2+2sDw53\/HRWfTx2k9WdlbPgGSi7e3RWzMvXDLtfdsrDc45oVX+gzlTbugkVt0t2cJRNshJKgS+gjKtGhL4S\/LRwPQo9tah2Mhmczu9eiKXY5bAxZLEr6n3eDmxrOiG9ZXYAedk9GXNirf521gsrYLxyLrYlX+JTWgvfIiAMfwwIF5Cg3aNRcf7imaBOnN\/QreW2Rs3jYHvQH3Rz9mt\/fDwBV6phKNnOkLbGrTns\/jZMcTnOF1kju5m2mg+3mry84fpwc7vur50cbLAXfzSESoWuM1bOY6uGfscDU0p+cMeKrC
KsG+ICvoK4604HLIdtV\/hWQ9\/OAIPqlfHctskdCBI2awbbQ29Uo7Fi2mq3c+MJnYTi7t0F5xJg8ACTAMCwAgCNO9aw5QIMYEACVOgo7JQ9Daea7MRPtroYqw92tHwPm+2ee5lCUZhbAljLy1O1s92uVsh\/8NZWacc13FM\/j5owcDorGq57bS3CMngxTbU2gtmk5zjrpMxQ91TcCGSfuJjv+Dvi7xaMIWxMCxaRF90Xz46eHhy8e\/HT+4O9o9dPX+2JtRnB1zSPOLWQZS9yWDXo5Bf5vBzkw+xfmvdewbB1Z5DRxTnCkbLw+Obhk7aX59DDZf8KxLQ7KebZnDbct8+5bHWUevMOL1dKhyrVe9ULb3uTzhRuT2exOoq9RSy09sYdgFdV7GmQUsiXS0zL"} +04370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":1654385141023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_msec":1654385141023,"pkt":"nLbQ0+MztKXvZygQCABFAAt0wQFAADQGCMqhdQ0dwKgCfgBQsWi9CeORUtBIV4AQAOt9HwAAAQEICpcRGLW6xhaMEpp1mOZOq1lRM3AjoFakWE6ydn19x4vYgtBktaRbE6NImoX8K38\/z569eYUc0P3+tZh9zGbzXtLVndCVe+cr7l1wgl6O52WWqz6yqTutMAYYl9pr3vnRDcqSFbCXXIfW+y\/j7JOklNZEqIcgJwNhjecvctdr706eLphjKXQ\/hf8CZhCmXLmntICwF3bGo\/zhapQdL04PimLSm7m77tvpVX\/GY6fx6kOc4DpLXkE8dcuzQfnObhIQKWKm5Pn5ADEZQH9HEsb0xcGMC5ByDkWt\/DXzoFzTWXpzgNyxn\/TshykBz029jaeeQapqg0999ewmkdKw0rHBdUsbXhoN\/Qa5B8fxHZxRPhxPsgMO4JwCuMe7d\/cCJpm0mtCdzeR+K0R\/M0gYVXjlcjyYjP8z\/bjV7thrZCrlZbyf5y9NNGz76t6LODpG6Px\/LTKW7kRkx1v2NxuFBjikKyPrf2HUSQtsQ4WRjQRAdoDgV8Jrv3CQhJ297rFI1Gz0fjpCaAm+NyGDq1g1MHA3eljx7tF5scjLNzMokPtcB9VT9QkItSIj1q7Edsnte+pR8Y4t8yOklZ1QFC+J0+6cEyfZ0vG9e\/FOcAxIafyH0Suz\/imCWzHk3SNJRbnKd\/0Kz4HplTJ3wgT\/Y5EGZygJOF\/Tl9lFNnln1BUyFr1GsKXvTViSBzGwCXO747mBUPjs15kEsjNuX75ZQ6NJaNa0LxoLW3ARewttm8mTQTJFPgcCuuUY8TICXcZ10aVFSJ9zt0UvTl5nQ4ldZpe6wIHBVRjpHNPR3btpY3u5BMRwJ4GImkNtz39EM+IUFnOo7cyo7QiR3Sz\/uyCzJTUF51HguYBCGoZ7BJJimcapgdZ4\/pOAi33w0LXTOo10je5pz0Vzx7rVsOqvF+fHtoTrivvH9zbbbQ8ZK8A7h6CpIBA6RlT+ZWuPbVoaScftgh8X0vbBtNfYHeR\/RM7iZo0YoqFi49O1JqagabCmIu0bn84gvt2okVjMJDoTV89cG\/5EIfTqHMU11FCQWN7ZMIQrhCgqwqgJRJuiJrYeenLiCX8lFN2SUPWCH9+BaiUV3dw0KsDIjFMIRiSiG4hD64iDP
jY7ew7LfOpfVQiqYvg89lp7KOOBvOkMRWl821fpQWaPxWAjv0M2LSy5tp925wDw6YWz3t\/gTvv8xeHWsCVgj76khYB9\/Sjrldmb8cnlU1hRqUje9g8\/dT5\/2J6iMIwcdue8I+oquQL8WZ6nK+DB++1NB+alnC2GZTFL398+X7chJ4x7kqHGMy1G\/bj5S6M2cvfVlzB+rb11uMA3u+6VtX7T8eilmoe\/OP1kzwP+cby4puj2dV2Toe7tNTqu9RsELKMupJduPE7NQYFEYFvY9qAfLmmuWWGr7QAk19e728YdhQKHnrN+kVx8MDxhEK1FR1QHSAHZX1goMARIdbd9pYNiHZb9o+3lU1QiD4gwA00fvi4BoJvORwGq1LDv1iDfZB3RstaoiCeghC9sZh9SxrUbsBVsALfy6eUX2vyONpthxZCLeUI7W7rY3f36fcV5NREYA4p5+skKmnRf\/VB9tccYbzpv+le3Uk7GDHY8DvT4tTfueKzqCmBWTibwtzbNSHv0Dvzsob96HzuGk4cpGf1mWUi7QjmHdZBCzWlLIq6bT3UX7Rb5yfhUGlJhpqMS6ZbjmiQIUVGO8uAiM5Lfyy2Lvr3QZepPfNcYOAndIzEy1u1QSHJQLIskxl4kgbTrcPxhe7Gj5vjVXyAc7TXdECSIHdubrivoz3qhXk5luzWgxQHnO\/08KI\/ezqBVuI9GO6tFvRyglW1FkEwB7f5Ez11H4\/kzp7mPzSAHSSh9EfQ2CK7PL9c0nsCt33iO0m06ODUdzH5ZQA6N6s1WlW1ShS42rsAxf3XzSZ0ovcpC\/DRavgq2IxNJD58vO4fN0TjdVOTZyX7ylGwlT6tzsMLV0aqd0HLkGNPCQP7Mmx+k7bzSiXNQ77bO\/fbU4oFBWK+2sOKIOrZzb5GJ+W+PF8dIbGFN9RJec5hNJML1DUMOon88n9YQgd9ORy3a6+vrZ+ALcNcnXY2IvmWYEbfXtTWes7EwwljT0NXNNjLY5Bq8QjIgmPIbXvUXDtJSm1A0hkSRpCwdHxNCgYtr7e0sF7Q4Aov8IyOuYaIEdCGmReVWoCzO0zpb3dI6pAmAWYY5UJhsczol3Te3jnzpO4a+VHLL2N3m\/WT7aYNPC1ivOPpkUGtPih8\/9\/McyUU6bj\/9t+4N27U6ca6SefW+DoDuCK4nYZIl+TLK88YjhqWwsRAwRXToeLMoyjcVkbDeAgbNVdX9P6sQaX\/O02BxKkXz7gQNRUUEgKuDlFh9IQgKWB76QMKKaTBaATHG3waU4BJ0cTNAfACnFN\/JrCM+9GuvZP4U0Dy3RJaMsJB2J68KRNBn9THntUdZ8aT0TUbBSbGYBWGG8fozAHSpHhr+dfXozBvD9ZekHGvlb1ceAflTXn2cm6IkCKL4e\/jk8fedTWyY4ro6Eq2uPBFcLC191WYQcKUtLI1qyWwFGSyL8xL7KYi\/fXb8rNrWKNtpPtC9CFuKNvGpzMEwhqHsHnQSdm4oaGDWf28D3fnimE8xkMOYJjQDijwZf05GIJjz6FU2ZVkXK8Hs85sTzC2EB1wTQYyctgQDMRY9+41Tyjz\/fX\/T2vVsE09ucIj355kZ81QrG6Uq19eshQwFMATTPxAqcZjNP6DsLWDL7m+aKoDlcmPGYEfGPf4Jc8i2o7rH6cc7lfp5HNow00LXBnKEWhtQOBQ4AwNsBWSScgW1dSbbjF7ZmWeD2fCs19zRZuY7zSbiW+49Sv6gkplKJNLEaG0my7nb5ouyw7XJnNkDa5WZm63aGbOPxgqt0pYmyvCR5tE5E+FHq8BewY0kAatco7uXg5Ko+gfTLvuqbohJ1ZmGfW8GS8GQq125VYxbr4L5jsnWOgtjZILlzlwCqKgvKTEd\/We03Bk6yx0\/gQ9YdiFCSkb6dcud4eHEW+6I0v6K5c58yV4DFW+q0P7K6od1d7Z1LO95PDim6zUgQjhlukYtf+6PYpSQObOYUGzWMVgfdnIMZ
42vdDZNZrtxR1Aow5opFdzPtiFevZC86O7dkb3R71Rohj5WqIb7KOr4oHXM\/MlUMy0xoiMuIkCTc3UTZ+W1uudgozAJJ1orQR32Tc021DWTfO8luvpeA++XaMzcd4yn6sarclVNQ6faaF21OVexR5dGmmjMNgiJNavWTLPo6l2pSi\/rhMH3EGdpII5GVV\/+V7EPns9Pe+y+riCTnD1GMGais81H3p7wCRyEqeIeYTh4hpnXRX9zUyq3SgcVWeOgc+KoYymBrBEs5Lnm8KobfmCDiYnPulbywcUYLqcQxtBVlJ9WzcR3XQygZk9PIWru3n3w2\/He6DT77cFvowcs5hwb69BEVU1avpPEHMWhFbd7tqAHMBsgzYvr69XCM4ZSOPNwqiTvtQsoFV8Wn7LZrqRPMqUQwVbVogbM1FC2XlXTSSENTgxS2jsox430GedMrvwpQ0aDPMvBKWbjPQBk\/SsD4TbGPENf4QC1mfu+f4ktXwr4v2IWpdf9ghcmhrbz0B+Hx58PXr2EdvMvDwSci4REGv4O9FBd9q3sbilzj7JiTSHXx161e\/Xq\/f7B0fv9vaO379683Xt38JfeZufnp\/tHP71583Lv6eujX56+fL\/Xe2Rlr9+\/2sNuzpd9b2Vv3+y\/OHjxC1rh2sst98WbX\/bevXzz9Nnes6UGH255wQiqz7fezMcJMiqeICpbxobYfLVxNr++hmwdgIb4OBq1CCBsu93r+brX9uHQvQm92nf2YuJevFrIsrjIX2XlWTGy1sDR"} +02796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1654385141035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_msec":1654385141035,"pkt":"nLbQ0+MztKXvZygQCABFAAbtaqFAADQGY7GhdQ0dwKgCfgBQsXDoMXIa8ixAboAYAOt4mAAAAQEICpcRGMK6xhabSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdDsgY2hhcnNldD11dGYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMjMgT2N0IDIwMjAgMDM6MzQ6MTggR01UDQpFVGFnOiBXLyI1ZjkyNGYzYS1lMWUiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjU0YQ0KH4sIAAAAAAAAA51WS2\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/
FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385141046,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"flow_min_l4_payload_len":426,"flow_max_l4_payload_len":426,"flow_tot_l4_payload_len":426,"flow_avg_l4_payload_len":426,"midstream":1,"thread_ts_msec":1654385141046,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_msec":1654385141046,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\/CtTR0VUIC9kb3VibGVjbGljay9jYTBlY2RlMi5qcyBIVFRQLzEuMQ0KSG9zdDogZ29vZ2xlLm9wZW4tanMuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} 
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385141046,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"flow_min_l4_payload_len":426,"flow_max_l4_payload_len":426,"flow_tot_l4_payload_len":426,"flow_avg_l4_payload_len":426,"midstream":1,"thread_ts_msec":1654385141046,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"google.open-js.com","url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1654385141075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_msec":1654385141075,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyY
jVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} +02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1654385141075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385141075,"pkt":"nLbQ0+MztKXvZygQCABFAAXI8DQAAPgGqG8SQE8lwKgCfgBQoa4lNEzoAYFa4YAQAIPvVgAAAQEICtL8K4SmALBIZnVuY3Rpb24gaGF2ZVNjaXJwdCgpe3ZhciBhbGxTY3I9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoInNjcmlwdCIpO2Zvcih2YXIgaT0wO2k8YWxsU2NyLmxlbmd0aDtpKyspe2lmKGFsbFNjcltpXS5zcmMuaW5kZXhPZigiaHR0cHM6Ly93d3cuZ29vZ2xldGFnbWFuYWdlci5jb20vZ3RhZy9qcz9pZD1VQS0xNTQ3NTc5MjktNTciKT4tMSl7cmV0dXJuIHRydWV9fXJldHVybiBmYWxzZX1kb2N1bWVudC53cml0ZWxuKCIgPGRpdiBpZD0nZ29vZ2xlYWQnIG9uQ2xpY2s9XCJndGFnKCdldmVudCcsICdPbkNsaWNrJywgeydldmVudF9jYXRlZ29yeScgOiAnYWRDbGljaycsICdldmVudF9sYWJlbCcgOiAnY2xpY2tzdWNjZXNzJ30pXCIgPiIpO2RvY3VtZW50LndyaXRlbG4oIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0Jz4iKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfY2xpZW50ID0gJ2NhLXB1Yi00NDAxNTQ3MTc4Mjc5NTA1JzsiKTtkb2N1bWVudC53cml0ZWxuKCIvKiBha2VtYW5nYS5jb21fQUtfMzIweDUwXzIgKi8iKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfc2xvdCA9ICdha2VtYW5nYS5jb21fQUtfMzIweDUwXzInOyIpO2RvY3VtZW50LndyaXRlbG4oImdvb2dsZV9hZF93aWR0aCA9IDMyMDsiKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfaGVpZ2h0ID0gNTA7Iik7ZG9jdW1lbnQud3JpdGVsbigiPFwvc2NyaXB0PiIpO2RvY3VtZW50LndyaXRlbG4oIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0JyBzcmM9Jy8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL3Nob3dfYWRzLmpzJz4iKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPC9kaXY+Iik7dmFyIGhhdmVTY2lycHQxPWhhdmVTY2lycHQoKTtjb25zb2xlLmxvZygiZ29vZ2xlQWRzOiAiK2hhdmVTY2lycHQxKTtpZighaGF2ZVNjaXJwdDEpe2RvY3VtZW50LndyaXRlbG4oIjwhLS0gR2xvYmFsIHNpdGUgdGFnIChndGFnLmpzKSAtIEdvb2dsZSBBbmFseXRpY3MgLS0+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdCBhc3luYyBzcmM9J2h0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZX
IuY29tL2d0YWcvanM\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385142293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1654385142293,"pkt":"tKXvZygQnLbQ0+MzCABFAAItm2FAAEAGvpfAqAJ+dxykj8qwAFA1Ocr3U6+amlAYAfbg8QAAR0VUIC9xem9uZS9vcGVuYXBpL3FjLTEuMC4xLmpzIEhUVFAvMS4xDQpIb3N0OiBxem9uZXN0eWxlLmd0aW1nLmNuDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpJbnRlcnZlbnRpb246IDxodHRwczovL3d3dy5jaHJvbWVzdGF0dXMuY29tL2ZlYXR1cmUvNTcxODU0Nzk0Njc5OTEwND47IGxldmVsPSJ3YXJuaW5nIg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385142293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Tencent","breed":"Acceptable","category":"SocialNetwork"},"http": {"hostname":"qzonestyle.gtimg.cn","url":"qzonestyle.gtimg.cn\/qzone\/openapi\/qc-1.0.1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; 
sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142780,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1654385142780,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1654385142780,"pkt":"tKXvZygQnLbQ0+MzCABFAAI8ibZAAEAGosLAqAJ+jvq6IpXSAFAyVi4yuWM9GIAYAfYOcgAAAQEICmpGcc7084qxR0VUIC9wYWdlYWQvc2hvd19hZHMuanMgSFRUUC8xLjENCkhvc3Q6IHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpJbnRlcnZlbnRpb246IDxodHRwczovL3d3dy5jaHJvbWVzdGF0dXMuY29tL2ZlYXR1cmUvNTcxODU0Nzk0Njc5OTEwND47IGxldmVsPSJ3YXJuaW5nIg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} 
+00986{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142780,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1654385142780,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"pagead2.googlesyndication.com","url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +02406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1654385142822,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385142822,"pkt":"nLbQ0+MztKXvZygQCABFAAW++zYAADsGcsCO+roiwKgCfgBQldK5Y27yMlYwOoAYAQVIgQAAAQEICvTzitlqRnHO54B5x8bkMcj5rKNoQVor\/BQm3SPhmDDpDadH0sdUWEzHsJJG991J7GNcFmCfxsiCjLv8IWZo8ULPdOfCMeRMHHcaL4h1aKboaPInsYMSW5QQo\/JCypuKRdiaRrzY2sbGM\/MaXYMUvlY4IMPTWRAEu7PZrqdtp71d2OBq619OgHIbAeKGBf4Bk3Id+7\/Im81abelC9otiLtO5YiawFAcj5R83pbWUcSiA76rl5Zm5g+uGECfDCS0WsSYMIje33Kz7B\/CQHCjw+nh4lksNr3TtgeW4\/7JajIFAnfl17iI5bMpgNpVCgF9JYXCeHhfCCyiGI\/A3u+npcQq4MpT1eNV1\/saxKMf5Qld4T4rFFSIEwfgCG6P2ha33lVMWBaSFxO\/Mz+reiumYzQALP+eugpm6Q068chVxjvG91RjkLubAMoQDS\/mM4KwKspbzcHmHS8I3JKFhcges1eYj\/zbOWRn\/zLtgiQYZGgjfr8jKeNbuiqxLnvV9AR7EGSgXQt6gokwf+DutNqkL
pb2FuyF5RXWlXYorjBev0MFJGfrmGtJd0nmEt8TAsc6HgqosNCWIgBZ\/EIx94x7v5p1LZ37xY5yDfD7teu0ZnLVzreCO3cRT6kfODUmHBwAbkYP39RCb6OD9O8RxxhjjnTrNrfxSTwe\/9Ap\/jCq3bGHW9OQ8Gm5fmTRUVwTYDyvfTZbEUP\/xOjLeI963wruwl+uBpHGIGjekHuK8l0SLl0g6pAb4F+iQWhtJFEsIVUiT+yWC6SNbe7EQQW4hgL7iTEmA0hdpq08vOQHZVq3u6M\/V+efq\/HNQ1sIp5t5lAUlbZrMHcijjYEukGH\/U1y1\/R9E10r2UGy1kBD6G7ldf3OBf3EDOMPJ3eWBdLh3BKN08SgKpcwBGu466yzavc4caXSXxKBb1cwUyYZLjMYcjDi09P3XFJ0SsXpzC75HdI3sX+AqtSARtclGx0X+hBBJhsyP41pofAbHoV40IDXhlkAqu2Xvp971SqecErV5bCH\/65Z7X9UlSrUeC\/VajwtN\/Mh2OP5AWY\/KrPPEpbXBTrhGP0\/drXl9b1ZRKfRkpIsBIEQOUVOEJSRKrx5tv9cs8CLA7IDFWlQPElS8mbTe\/FO4uBUzpai\/4e6NjNEkD\/x4ZgoFXLg94l\/agS4O2twbkzdeIG7LuYbfwHO76ewTIlFAsrsEvBrnz9wTTNN\/TnzpUn8JQ1\/dtrIKxXa74vBeLh9AgfuxeiMxuaBTfIvvK5V+5AaCmLu378MinCP1sJLxucnjd5DsEaHLL3ecT8g2W\/QHKN26grKg3503SO2\/2OxCu\/F1Q5f3Ice+Y\/x0VdO51gA8bbfeGHjbb3hWyAHeoW70q+XcMrdEd7zrg79b6uuXC73UAFURSwyrdBEIN+jX2rzjIfyW+4pvf+uZSH7\/Gc2MTbvFBbbX9b16PX1pRGaInNqfGLtHsUG8B3BtmqQeBlhpWHPYRpVnuOJzeNZgLCARxEVRyaWKKRTH2+XLDXc12oMveqHL3C+SNepipqTSMcGdGzahhXQ+6QOkPgJRGSQjkWV4Ihw5zcw7g5EwAxblTAQnq5qbS8j42+Sd9fHqM7rDAaAi435TSllIRWgNcggISMZTiMSn2Xq4iffhytWQiEe38ThBxbwfdFoJzj+0YwbO5hgM40IsBqTiUXYLH1oBFcUKfLbjQ2EIyfrFeqTy9WHdaf1+sN9pPGxdRyW42KrOLgfPUuaivc68Az\/QdWL8YFJ6SM8LAMjT6K72yfsZLGjwMPCc9x8WNKfLmVin651eeKG0Byt5g4BaGw1+4KUXMDq\/IbxY5Z52DnCKBtwYfZtEkuOdMA4d5p8DNe3HW0cb5kRtcmr+82eVnLKJN8C7lbnah\/f\/T\/hnL61q0OUO8Mqo="} 
+04309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1654385142845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_msec":1654385142845,"pkt":"nLbQ0+MztKXvZygQCABFAAtI+z0AADsGbS+O+roiwKgCfgBQldK5Y3R8MlYwOoAYAQUXfgAAAQEICvTzivJqRnH4pI5HyS0AYhnjQ\/uM5bjVvdjTZUjnqR0eArR6Be4a1wlGx7sAYKbldp5x+4IB7EuNMmGKaDrhBGhnYSaYzZrRF42BrogKrXtwaM6IhhfzBp54pTv5mxi1Vq9j6Sj+JkZH8edt9wgeNtxNd6vtvoXHbfcZD7n0Lvbexf7DJ9aouvusseG+Yo1N94A1tjgH\/j7238WVfeYe08Mr5p7QwwEzNKvL68eaaywX0ixejNW1VvuVX0granODrtiMbh8LsjjmjjFVIprX1CWWhg7qrxxkUBgrmJQ6j6MULhjinsYyyhrGtKm5PH41RvFS4mIYIjSJl1pQEMXQD4LVF1Us08JQLyJlo6NiK6uQyqLIR1SJIJVAyRv55Gr+3qrT3MgoOM8R4tWGjOoZitbfxw3h8YUG3RtUSljx8O8cxw2RubmceaIyt8zMuZLPiDA6gU83k1EwKG6JrCxDEWtxNoD0rV1mH\/NYtEoxq65nBCrYnPpNY9HX1mJPWi7FmLllQgRRwrU6JTEf4xo9g2ealbex03yGkYNE+LWlCYLxM59i7W2bdbapzuJkPNq4nBhmTIwZ7HM7B8AIU9jlF\/7CDW5rCNS4yU\/VtT8x3t7NI0tF8sKQQPT9mYSR+KXo43OVsiNSagq+CO8UiwcxhfQh6l5ohfHWIeEnJSpVG4u9onh2uW7JILC12lLhFWXnc8N44Sw27UTxst41QNTwV+xYU892vhrHfSIcd65w3CfAZ5tGKIzPy9Wwwuc4p8r\/srrxb9T4F9X4N2gccOZ3+Km5ddhGhDm1mpqf6ZUTySUzhPOVbgDchl65OalowWeIcCWnGmDka3MOWGLg1gXmPHiEOTcMIXI34AWOKdKmQzVIfGbcoKyOvVbbJR0l8+9sZoaQYfKS4LWI39QMxb41wsq3uaszHXj3xcXNrtl+\/NhQEvyYvCjGTlpx5VvljLV9\/BVzo0K+uomDOj70hNX+XJhV4UdqltzbraCdMzEMEyU2zJnkkiLZWU5C3bJUE3\/8cHZuucEwum8ErlY4k4XujuSv8srnYT9bUi0vK6LnxjV43BXl6\/H7N0CLnnLtPhDqw1E8sEUPKHoeWqyjeCpvvRIlK5X+YdIIpPDOoDprBxtaWhdISZ8UYQtTjCgxRJ4nuZhaXFq4EvaEQMxjuWu5AyF6FBXgFXcJc2RYo3xpIY5DUU2Glo2X9r+zWBihZiX2a2QEH\/CRBXJYjlerovJNyUabAltDEgYkRVE13ns4vMaLiVMYENSc8LsQMS3EO0sbQkNFVeylEgATyEDl3O7iZCW6SRIKY5bkUFMnydnSU3TEWi6wdJovQbEI67kSl\/kSFBV2M1eiu6KNrVyJXr4ExYjdzpXoL48Kx9On8fRNCHq\/wk3xDa9SywcRHKz4an70wxUl8qMfre7XKJFoPUmQLiZy+Coh1G4g9fHqtZrQWo3zazVdXfaayk7V9yYJD9gEGXSe3CTyPDFPrtvV3b6lZm7N6cTbOVnnDDAj1NsfjsdxD20IH5\
/ken6S7wyEgYjnNpGI9CuGiduUQbS+wVEAs5Q78+6TR4PCYlMRckeNSKIVJnUKocQ4kbaOUQYzQl8BTF9kOy9r68JLVvPOST4gHhffAiAAtOBH+3gZMN4FH\/gAtbA9YA8BgF\/y3BhNtlwgRlIKeIsnCBS8w456wH4Ui3iMVy7dXQ5YivxPZrMN\/oMUaUI2m2h40Y81vuqome5U3tsYJjPF32Lxjd2hWUf7QDjUmRQupWj+XzWMMCisX2WSZsnUVO3uqSFzv47KUHJHOKRxAiOAPRsT5MMpTJH+NnAKgCw\/Re6khvgvkssb+V8xcOgzLLE0ZhT45BwMEmk\/fYrN1lyte5Y4+3VkCz8nT5SquzrCNCVsu2hnYUDdeyNARsgsLtMJyWIx75RiB\/qaUijgcSBVboGY5puilf1EHUvSCiv1bdZ6H2PkdfQBkg8n4kHYR75K\/PW\/MeyeDK9hJXCAx6bF44GYiwUKXJG+xCTVgEIURHE9l1HXGRu5jA2dsZ3L2KYM4VBm0tcGFX2oyRllBMwVoI\/18oO4BCXPPSBPs7HY74\/8TpKFTptFVYeJodt8pLc4v6+TBQ089vhVIrqMa6VMO4Sia8Jx2hlgM5ISrkxWvjTW69evDs\/O3nErIzUVRA2S6w1qOxcdCB7meY+MN8ZO4zssh9SqjchN3NR7bx8lTuUSrzbiJIOd+koZpzOVe1+C7qYIyc20QWhoXDmLp45I9WL\/dWIbcYNjpFklD4c3SAX+W+T88NGMdlEIxXb4gloteH7H8Zh\/iDcHslxsea7pN0yH3xl4\/729D10m4zIlT4gDm4QlwCxtOavkG8C\/fUI88joGaMIzN3\/fyCdEPOcoaZnrFIYpmwZqO0q05YS2mtQ2FHoP82k7ZiPj8gR1\/EgBAaxfbdlicyE2wLGqliORq0AhMxGR14aG6i4vpaaR4lRiSKbAlGedLHQCYWgj3wfLauRj7H9Y3YNWWxudQSvb7mJs\/rcmC8jhLGvRBe36JX+\/xMfElBG9JfhYYbMr4QkhOprnZusv47xF9axxOQTMLbdWEMaasGx\/MoA880Tkakr4cMfx6PpJlSnUPn0Uo\/QQ07kDHzBsz+UhU4X+68q9d\/eEBkvstT25167EXksRCWAMdbnfRP69f0U5A51zL4KhAune3GtgTIbGA9fXTROJMfsKY54F9hUg9JvEHTjmrap1nlNfztngORvLOds8ZzOXI7FlX8qVpQzpLyy75R4C7exfoSDp0Bc6yhvv0F8ThnH2jcI2nbYzm63d4OmJ450fKvNfPp03sv6+d6Pr7y\/O4GxW+GNtX7VyUyxqsz+8n0BUcPfRpAIKdaAGPk+wuqv2KC\/A2xSN8XIiCYsP3FbbcYFEMdL5aklTdsfrtgZtv6f4ffRPczw7UcYsknACIguIpBCRs7j8BDVe0sxCS0xX7IY8UEYmZQVoNcKwH+dIXOFRbMcIoUh28lCheGe2zTcN6cm0bCsxLCACeypCfrlWN76fyFC3Ik1sXQPH6j0u\/dtyjZ8TFkgCsel7Ll7gBRsdxrNJUjZNsRwrYxkuwkBHNKFE+cRNKo5tQN6f1fO2435RL4D3v8qXuuN+k88bjvtdPsMX\/5TPUJ51xDM0FMjnZ0CPy+fnsOTy+QVQ4vIZL\/VO1Av0qaNe4NOpeoFvZ+pl0yDOTiRKDRcpSGYMHmZqta9i6EpNjVla+iwG5vx\/WED4QcusAyARzmYGnWMQa5eoCHo4sf9M3Pd4A6wHne64x+Ix6Lgn4jHsuB\/EY9pxT8Xjl8Q9TxY8sruiye+JETjJeRAnOpDGvGrUycVVkgwbFUPnUKSPgbwAcNYveO85rx3\/U+1js\/bxQu3kn2qfmLVPFmpnndzAtNqI6ruRf2dDf93j2D3BWMsYtFzKJWMul9RJDt59wmWReksyICc7g4VNCUCEN9PiZaDUEUMU0uFy3gUgs\/CCtHIk3IEf9YfVpSRorV
Xn5o7td2xlFGcCkSSIltOyFWnpMvvfahuAiHAufap6\/gf7E0bLNptBztBoGNDiB\/vrQiHVrgNEBKwX+iKsEDt8sL89XpFXu1z40uel7vAvcE6tG7vDjnvHcfS1cfXeiJZGXeFlP24L6wNoPZ5L10\/cxSggQOUkzAQ6T14+bneL6ncywsTDpJK5N6jtUHJFH138c5L1boyertj9LPaW3atN\/wBzGPCat5x2PHQt8IYcId7G8FTZZTYKh61w2B\/14mls+f6uafTFovszDO\/WhNlyGncxCi4v0TRfeJ4Z044l5iS+NA=="} +00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385142780,"flow_last_seen":1654385142845,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":4774,"flow_avg_l4_payload_len":1591,"midstream":1,"thread_ts_msec":1654385142845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"pagead2.googlesyndication.com","url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385143337,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":421,"midstream":1,"thread_ts_msec":1654385143337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"thread_ts_msec":1654385143337,"pkt":"tKXvZygQnLbQ0+MzCABFAAHZOzFAAEAG8R7AqAJ+jvq6ro98AFDBsgXgq0aUtoAYAfYOmwAAAQEICoBTPnRMQU2TR0VUIC9hbmFseXRpY3MuanMgSFRUUC8xLjENCkhvc3Q6IHd3dy5nb29nbGUtYW5hbHl0aWNzLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385143337,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":421,"midstream":1,"thread_ts_msec":1654385143337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/analytics.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36"}} +04308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1654385143361,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_msec":1654385143361,"pkt":"nLbQ0+MztKXvZygQCABFAAtIvVUAADsGqouO+rquwKgCfgBQj3yrRpS2wbIHhYAYAQUYCgAAAQEICkxBTaqAUz50SFRUUC8xLjEgMjAwIE9LDQpTdHJpY3QtVHJhbnNwb3J0LVNlY3VyaXR5OiBtYXgtYWdlPTEwODg2NDAwOyBpbmNsdWRlU3ViRG9tYWluczsgcHJlbG9hZA0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDcm9zcy1PcmlnaW4tUmVzb3VyY2UtUG9saWN5OiBjcm9zcy1vcmlnaW4NClNlcnZlcjogR29sZmUyDQpDb250ZW50LUxlbmd0aDogMjAwMDYNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjI6MDc6MzMgR01UDQpFeHBpcmVzOiBTdW4sIDA1IEp1biAyMDIyIDAwOjA3OjMzIEdNVA0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTcyMDANCkFnZTogNDY5MA0KTGFzdC1Nb2RpZmllZDogV2VkLCAxMyBBcHIgMjAyMiAyMTowMjozOCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9qYXZhc2NyaXB0DQoNCh+LCAAAAAAAAv+9vXlX27oWN\/w\/n6L49nLtRoQEKG0T3CxKKaVlaAt0CpQl20pICUmaoUBJns\/+7t+WZMtJOMM7nXVKZE2Wpa2tPctvjDrxsNXt+MH9ypOFhUfb3d5dv9W8HD46uVSPttvdwaivHu23or7s3z3aGg0vu\/1BceHR8YfXX5f3W7HqDNTyXqI6w1ajpfqVR1s9GV+q5dViaeHJysJv2X8kZTi8bA3G44FqN0Q7TF8pRRTcy1AWB712a+h7RS+ookEcSlmV9dJ5q\/MoHo+9USdRjVZHJV4YDu96qtt4FBfVrYqP436rNxyP3SffQxdeAe2DaqPb9\/GcVGWxrTrN4eXSkp\/glZetxtAPgmpgC8bj391W8qgUhmFUi8O4npwvLeHvYhgeRT9VPCz2+t1hFyOg3BqKKvgT3k\/0bzTh4V9PfaEdQ\/yIvicKouKlHBzddD70uz3VH975cUBjkvWYOqA\/wUT8cjrImkdoLoNWw5fTPURB0FfDUb+zWKqaRFmPpR+u\/PBrFfr\/cjjsDWrja9lqD7vjxrAXVMb1H5WV2n\/On1BxHYnx4yBYaVUZEP7FAg\/Dm1Yn6d6IkUkUabmH3f6d+B0m3Xh0TY3FTdiRv1tNSfnidmqGfhdlkuz8pmr71FB1VL82m4WqYrEcVKhoOKQxcOnSUu7R97odWnvqVH\/\/HS2O+BM6UH5XPNna3d073A3T1HhcP6+mT\/XyebhY0s23wpVKvbT84rzweEW8yo1axDnYXfIcYAtL1WTTwlU1KRToEylfhZLAxLYIqQUtZqLibqJOP+1td6973Q6+QQF0i33Va8tY+StnhZWm8B55ASDTLPSjKFTFQZuWxy8HxZ\/dVoc7FHEtqszpMZrX
3WQidqYWIiJIjMLjYb\/VaaLRsLvfvVH9bTlQ2Cs0XI\/3QNxtexgNbc5etz\/kNG0kWxZu+9lDMB5v+8NiuxtLvCjLr2Zta1Sd0vbNh6PrCAtevOwOhh15rUx5xe2Gnqlr3wNgUyfZC2vPSxXOHeSz19fXKp4XBFRI3fJ7sfHSl4ROejxecN5lc7NZ3BLU0\/T0mKV5zeChkUn+h\/b26ykgEolQGjoa+Vmr\/s1aDG5aw\/iSCu5jynnkjfrti073otGXTew3r5KEnleVS0v0UX3VMGgPySLtUXV7RGv5H4IYAtaXSU2XVEyFwSgaDPt+SST0Ihkm1aiv5FVVvygFgIoMG7kSntYKNoWdsL+ar2rMY1r5cXNzc5Y8OSuuMBYnlEf4MKEtgMXBBtODQY7ZUTSo3IAARfTaaeCZhpBGDjAaKTzkO5PDS+qsiF8DCC5U\/PExId6KhixTJ5uvclDLsitUrZA9Vh1ssUJ7v7QZ+glQT5AuiKxbpLFcPtengpNB6xlwJ3q7ow935L9Gqn+np3+gZD++TCffq3mY\/qriGX1FgKcsQOa7ULeEaQcEm7qb7Puy81mG5RSz1XLDqwDccp9IK5brPoNNhhE5cIb4Hz1EXZ2OezlqD1HNwu\/EbC45Edu549Hm08SnnVW8WXCj4U3Em1xTPlXD38WYXjpUO211zSeIxGcuLS34Eb85lJYqibK1pM8jsiA2UMpwIWLARSHGHEUP7ACDIu55s+nuhd1P9GyTAq0ruhNhe6pIkUJWLPQSUx2dEJjNCpMWl4JRZcTwP5lU7Rc\/2vUzYkKGb0WEszGmsyrOzqoCjT+qgxg5D2OL0KJJ2seer6eN9sDWq+3XO2923+69e79\/cHj04eOn45PTz1++fvtOcFCgBc5Nf8ErlVfX1p9uPHv+YvnCs13LAkHVBD2+Fe+yob7H8rwN347H9MLqu\/DdeEyjTw\/YKKyfT488LoRremxJGBcyIBWKHlezR1rPYnwp+9t0Rm4NifgSzRD4z80rEJVREpehms5fRf5V2Hj5crXaCP3G0lqwubk+br58uV5thn5zqfyUMlbHly9fblQvl8KNtSohDf8y3FgXtNf9JiWw54q90eDSf1u\/Ohdv6w38aeLPJVF\/ds7NLqdjeiGdlkgyQZg++ld6RV1qQ89Bx3wljRrkh+iF7+qdcxzgnVG7vRj2LB3RQ97iyo\/62eDsVpbOnzxeKQ7VYOh3gmB42e\/ePNrp9+kV3mnnqtO9wRgGamP9keoQkUHo9pEcPsKLKkRyd4KqHf7V5OHVo33i4dipVi1ZFPnL5YBWJvJLWI7Ip1mi6edfjG9jnQ5rotyXy\/Sr7NBjrLlG+sVGv3u9bVbKV1gCWiNqvLG+GDZpiz5Qs0Grt7S6XsIKrgYCtS8frt3c3NxYKr+g5Q0Cop4YK+zz34PQnPNHLqmpN0pM53yYSILXQx\/HbVqhSQSk3ywOZb+piIlpFgf92CCh8fh+QsSCylWO\/rIyr2NMR0lrGNzf+t51dzRQRIt3aK6DKmVcqbtRzz7QiXXdGnpEe1Q17fH25GD\/Tbd\/bfrMWJ2irlr9uwruh0c+GD5a8WIs2239MKnqwYG2nogPc8kgGd6jQSTjK8J2SZeYlc6gEgl7cFRWaf1jwQiVn2NBQHU9qCRiQGjxLbCmmlRpnosggvtgNgZ6r0mazo8zBHxGsefb0MwTbmwQjDY2kww3NvSaEsLApl24xJxfhosx1oMHEsjK\/WXYLJqh89xehVJ0wsVFWjIzRm5GYNYZj6\/oFPk9h9AM7Mh6NIbe5qUdQ482M1rXe8QcD4ayE4Mb\/qSaO7e94N6U6A18FQQ0FuII+Uylg3Oi2nQKUx2iPK5SmgMNiErqLC1RNre2JTMd0EN5goHjE9NFEJZttiV2tWqrlTK2MdPZ174SzaJdXR8byGxj5RxRh+muudfbKwqHxWa322yri6FsXiRyKKszOaHDuMtKROfvbK
OIEGKzDaI6ctaZUDKdgtlzpX4+EahI7Ex2+vFIlAxX\/OKTWnD2JPsJVkQD+fUfxD0XAv+sVv9B\/HRQ8\/9DhbWV7Ms+ObRKR92YJfM97sv\/MV4KiFYseCF1tUQdLNXQOyF\/vPpkml1mJEpHYMI4NXlYMED0u8N5VvU8EcgRJahC\/tHHAVJevctSjkda2HEOAkfRIW7IapCjsd5LCdE6OvXeN6UEsbSihOzMsfUEohz7NnAyhPRvexdeISJkeCnr0TnNhyD6rkBVC\/VYpD1FQXCedWJXoe6VPXHMbZzSSTU7G4+tOKk+LKaShiLhwP5WEw=="} +02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1654385143362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385143362,"pkt":"nLbQ0+MztKXvZygQCABFAAW+vVcAADsGsBOO+rquwKgCfgBQj3yrRp\/KwbIHhYAQAQWF\/QAAAQEICkxBTaqAUz50UOpj1l8TnRcUCYOetK7VH+KNjxqNgRoSXr7hqvuy0xzJJp3ZN8W2SYsDorqKjXaXpjrtxMefIh2IgGTboR+sbJRWyjtrwbLvgGSpEuWHzaiaAG+fVicKt\/p9eeevPt1wT8hSlTJe4oQruFgqJsRUqj5\/qaqKCpIwWSrXkpcvX5Z\/rL14\/nz1xera8\/UKZ1QhSwqTyWQ\/jAj411dfrL\/YeLb64im\/ZIZ2KgRRGFG75z\/26370Y4pECpZWnz49N0vhUzkd11S5FGTgsbahYfUUiPNShv4p5CgtKU7rq+fhT\/yunYdX9Btkm6IlfbspvO23O9vvj08PLna+frh4vXe89Wp\/57XnED8\/\/75yWreNujfZ6tNqEUU\/lYFle9tqXu50hrRf7j7L9kgN\/LoHero1pC0w6itiJK5pFtr0G7WGHTUYUIpQ3xDo\/rPqM7MkvJF8Q\/vIPhNHN7xUHd85EemATgd39S8+5Fo6eCPtL8UBb1zBCrgJEBjxQ\/yfxgSv\/ER4F036pMUSSFHmG8PPPgE9VQIxUVXhjh+LjF+zRIIqXksIHT753AFTsrYS9dBYWmrQKmf90Jx3pK8P94mzlF\/0XgXGCoEYNeMfBfazJMEMfYisr58DcRMkVROWhkSFuJBkNHI2T\/Qae6TbrMRvCKKaGuEXPVrRAEGSCoEbYZPOc4vkGxMazGhpaWQn7XgIVGGQp\/1ebFylT9eIvtAkaX9ImjAptPAgALnnR4JmHTxhgpmEoCXftU\/bxNCMHjA\/fRmmCO\/7PI9JzdDJGp1ww\/4dzx7hu8q9izXWCGeAhzOMkJJWpsKiRvs9SXqky3COtJBoJWXeiGnB2VCGuEzRQlhZlcISNeln7bxqxgDUpDYjer\/CYdSgFsd+k5Zet5klJUCuAAOas\/4qbNaaVnxAaJIOY0ZWTeq3uXllkVWzEK4Sj3pFLNN5SBwRJQo0ruy4pv9iBtMO7Tv3iPhqaU0HShR4qKsQEHmlwbxDxJFhna5S6UZQvaJZWMKZSJSSf1UIWeJruZ3C5STJ1iipLZYridkzDbMEsUb7DcO9eF41DhuAbE1RNmg+sXGIrbR7qKpnDVQBnZvVpNYICZAKxLUYgRPwbjkIKs2QYI3ym\/n8qn0TbRqC9WyzfHPJCO\/N0acDrC5RD0QtHbKY
S0tPTns9y77TbvxIMF2mHUZHEJKrlKTNieQakvprD6q\/CMxYsHdCeKYBiXRXmg2YCBlUvmcPkOYH1cV4aekXERBMJJxQQtgqMapARmUhvPmABqVJjXvES4kIfLR0WeaezBad5j+238hPnsSHp3lTIlazuN\/TDlj+DcT\/D1p1LUIClHt6URz1la2WgWS2PNkL72Mru5WhqallRlOgFoi+RkVSU2lGbOXOQzoenoWlpbgoucBiCmp1rYaX3cQuviupxSfQYYnPpkHhhKETsp0cEuIYsPLELpCibT3NNjWs+kOzTeisWWR5e0hjvCegVcOtIU1QNCK06P3GMewRfNIpZBEGsS5EqSezorpWpzcaQog91Qmmmc68y1aSqM6ccrzeI0CZKUjfTjMtCfw7yTa+FIQ0s09ez6gOktyimLmcWgadywvhrETMRzowuIO7o7BcKuG8LBEC1SejWXpJVGaiGND04bvyQ\/q1Cs1DUHu80srOTAenQ3TbpwnCAlWj5eVJHILOByimR0OcShurLBOvALfRV2kBuX4aj7\/R6RVnbKnFrAqYNTtp0y\/icbuAFdHB+CbLE1pHEFQ1CrLdxYyo2wRkea6NGLFX\/VbSVEU5GnbpBJ8jMzjygxxf4x+EKqiuae4GdGD1A1fPqBlsXvCmYnExAQqaBH\/56p4cDCAJGzUvZ0cw9f6E35\/od9ZfO9SZ+XLgs3PoMRdjJP\/m1YYxVdPvBZs="} +01475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1654385144741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":817,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":817,"pkt_l4_len":783,"thread_ts_msec":1654385144741,"pkt":"tKXvZygQnLbQ0+MzCABFAAMjlA1AAEAGMg\/AqAJ+oXUNHbFmAFDqwyHzbdxUrIAYAfV0zgAAAQEICrrGJc+XERimR0VUIC9pbWFnZXMvZGV0YWlsX3JldmlzaW9uL2dvX3BheW1lbnQucG5nIEhUVFAvMS4xDQpIb3N0OiBtYW5nYXdlYi4xa3h1bi5tb2JpDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6IGltYWdlL3dlYnAsaW1hZ2UvYXBuZyxpbWFnZS8qLCovKjtxPTAuOA0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCkNvb2tpZTogX19xY193SWQ9NDcyOyBwZ3ZfcHZpZD0xNTc5MTk5MjgwOyBhY2Nlc3NfdG9rZW49bnVsbDsgX19nYWRzPUlEPWZjMGYyMmY3OGQ4MmZiNDQtMjJjNDllMTdhOGNkMDBjMTpUPTE2N
TQzODUxNDM6UlQ9MTY1NDM4NTE0MzpTPUFMTklfTVlxQy1PUjQwVGFRTFBJdTd2aGtaLS1VMXRtLVE7IF9nYT1HQTEuMi42OTQ1MjQ1MjguMTY1NDM4NTE0MjsgX2dpZD1HQTEuMi4yMDQ5ODYxNjI3LjE2NTQzODUxNDM7IF9nYXQ9MTsgX2dhdF9ndGFnX1VBXzE1NDc1NzkyOV81Nz0xDQoNCg=="} +01459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1654385144744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":806,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":806,"pkt_l4_len":772,"thread_ts_msec":1654385144744,"pkt":"tKXvZygQnLbQ0+MzCABFAAMYAsNAAEAGw2TAqAJ+oXUNHbFMAFBD8zDZwu0\/vYAYAfV0wwAAAQEICrrGJdKXERh6R0VUIC9pbWFnZXMvYm90dG9tZG93bmxvYWQ1LmpwZyBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQpDb29raWU6IF9fcWNfd0lkPTQ3MjsgcGd2X3B2aWQ9MTU3OTE5OTI4MDsgYWNjZXNzX3Rva2VuPW51bGw7IF9fZ2Fkcz1JRD1mYzBmMjJmNzhkODJmYjQ0LTIyYzQ5ZTE3YThjZDAwYzE6VD0xNjU0Mzg1MTQzOlJUPTE2NTQzODUxNDM6Uz1BTE5JX01ZcUMtT1I0MFRhUUxQSXU3dmhrWi0tVTF0bS1ROyBfZ2E9R0ExLjIuNjk0NTI0NTI4LjE2NTQzODUxNDI7IF9naWQ9R0ExLjIuMjA0OTg2MTYyNy4xNjU0Mzg1MTQzOyBfZ2F0PTE7IF9nYXRfZ3RhZ19VQV8xNTQ3NTc5MjlfNTc9MQ0KDQo="} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385145219,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385145219,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_msec":1654385145219,"pkt":"tKXvZygQnLbQ0+MzCABFAAJCODJAAEAGpmnAqAJ+DoiIbMDKAFAaK2fhcSXy2YAYAfZcTwAAAQEICh66UtmaCR0vR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zLzdlMDdkNDQxN2UwZWRjOThkMzI3ZDBkZGZkM2UyMjdhLmpwZz9mb3JtYXQ9d2VicCBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} 
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385145219,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385145219,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1654385145426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385145426,"pkt":"nLbQ0+MztKXvZygQCABFAAFR7yVAADYG+mYOiIhswKgCfgBQwMpxJfLZGitp74AYAHpi3wAAAQEICpoJHgAeulLZSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogNTE0MTANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhhODdiMGI5MmUyNTEwNmMzMjliMDZhZjIwNWQwM2ZlMGMxMzQ0MTYNCg0K"} 
+02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1654385145427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385145427,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7yZAADYG9eIOiIhswKgCfgBQwMpxJfP2Gitp74AQAHr0DwAAAQEICpoJHgAeulLZUklGRsrIAABXRUJQVlA4IL7IAACwgwKdASqyAToCPm0ukkckIiGoKnYMwQANiWNs4jJjEcRbUIq4meIOWNjdqsESz8mAKOq361AtvR7TyuOV\/FV+nu87n88t7L\/y+wvnw+sX\/mdCD\/3\/RT9Gzq4ehu9bb9w8kHll+e9cv5x9n\/s\/8T+6\/+L+Zr9RyV9nP\/f\/sPUr+gfkP+N\/i\/yV+gP+H\/5PDX9i\/rv\/N6hf51\/YP91\/gf3j+PH9Ltt+h\/4\/\/f\/1PsKe\/H3v\/q\/5X8ofjU+\/\/9X+09ZP3T\/W\/+j3BP6f\/c\/+d\/gPc\/\/veKD+d\/4v7f\/AX\/VP8R\/7v9b7wX+P\/9v95\/v\/XH+v\/6P\/4f6v4Hf6J\/e\/+5\/i\/9R78n\/\/94\/7k\/\/P3kf2u\/+aAeCI79ZBcTyL6FXzyW9028ZWAO9Y8tIvqAIrZhjGagOgbNZzx4a6g3twV75qnqJ5twB\/xSo9lyhWqAukiBEUGyCjsjBRJTgwuYIYsVFniixVPbFltIkOLqUYdE93iFQWbjfQ7rIyOY3O5mgQ2g1BiHiZ9bXVyF0IzVT9VXeN907YTxHk6r5NzA3ch1aLti4lm405dFkbfhla6HiLq7w41FEOShUP3PJLBCrZnBsm0qQk35PgdMzn956e1LpfIDX0FJREMP+uxg3d994VFpfGq86cjUxtVSP\/VQnXBg+DocX7W4D0RyIXgbm8uQ4IzIF2H1sjFucXdojor47tUm9O7eXpNRair3WOKxEZWb\/iXb2Gdx8LFruVjwxae5wQ8X64uRyQlGCU\/MsLFg09o9l7MyDVDZdrr7hCHFleRA42vaN+i4ay+M2WgHNNilmF4lQlpD\/1Da8lz9y5OpfD5ZCskMypGVzwVXUzSXXPcH1xSjpIRnUOSRLgsSqw+WqdbS7avhXOERtYG+yagD03SLlu\/BR\/ZfU\/3gPUWeJZe7VCByIU4208cLe6TVBR15KafU9Q\/xj5lUs9JNPZyUkF56E+AJuZNQBJnlS1a9fO6Diuf3dw3IKITFUh0AdSeLQqpBmoaOhbagSyTYLzhnNCjxfodnJuIkBQlanUOuHTOD+gs05PVNpU3DHxUIfcFt1gasaZ3w1i7zAZSZ63LdYyL9U2tEDVq9IaI2kL0JUh4JlWYuaXYZlW4pCma\/Fdw\/FL\/jAwnb\/BebCkumQFYP1viY59L1oZu5uBXUXUFkbOOnSUg7MPEnnqZjZfMpX0LF0EK4VWYlPgy+y44jS0OUPRSTYo+1AE\/OT+KFCu4C7y\/0unbMhKRion5VmX+5nuPa3a6IcVtwHpZhpAMBfyTfobyM\/iO\/I77R0vOLjKqAf\/fU6WFG4HV+7sPQY02hCYWp+K0qNzoA68F73HIvfAF03DsfxXnu2yp6t2N0K1eVD7O6DfnUmItqYh3PyLZPd5Q\/FLPxQ2pHJVZC4+JG3pg3Dku0is9oPVCW0EgFqU1QhLG
95w0MhoSdR370ILv+yujpCB6gPCExiI4GyrfuzXCHzq6CvQmxoFDHDNmRcmg549qdQpED\/RtK9yoBkpxaQ9X\/7hWB5LDO7ZW5tTeh+5UctrqABpjMUqSP997gQPvkdf8NCjy1lYMvVGbDisirszrLGlJOgO3iwZJ0o2P8WQGmUI7PzSPM5Vu4xYpdQj7L372UKH7ioIJNWGWBaj7O3PoZW0hC6TyDtX5M9DRfs8Y61gVLbj287hc1o5LglFp9sXTiZ5OCimSuIzhhbFCbW9ZN2CPHmUCgr\/jteFqfBjH8xDTm01ggd7scl60snvryXBjlpgXsATeRhvUkemJliJ28laLpSLWqqBShAH527w2WjK\/rZ45PZOBjOOIh39ANRjmTK2EMsRJJtZOA8PZ5a\/rb2q1VS8gz50Lm8EcvkppQ6mj6ubw+11r8Mf\/N+U41JXiGxtOmSVZ3lt8bBEKNl8"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146253,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146253,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_msec":1654385146253,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2XepAAEAGgL3AqAJ+DoiIbMDcAFBGVaTIJYHQDIAYAfZcQwAAAQEICh66VuKaCSE3R0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zL2FlYzAwYjFkYmRmNjc4ZWU4ZDJiODlkZjNmZGJkMDU5LmpwZyBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146253,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146253,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/aec00b1dbdf678ee8d2b89df3fdbd059.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146263,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146263,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_msec":1654385146263,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2wylAAEAGG37AqAJ+DoiIbMDaAFBc\/ojalzQeJIAYAfZcQwAAAQEICh66VuyaCSFBR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zL2IwNTdmNWNkOGZlMDEzZDIyOTliNTdmMTRmYWE1ZmE5LmpwZyBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5
nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146263,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146263,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/b057f5cd8fe013d2299b57f14faa5fa9.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_msec":1654385146276,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2qplAAEAGNA7AqAJ+DoiIbMDkAFAiak7sb7SjVIAYAfZcQwAAAQEICh66VvqaCSFMR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zL2YwNTA3NDI1NmIzOTU3MmFkODUyYzFjOTVlYjVmOGE3LmpwZyBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_msec":1654385146276,"pkt":"tKXvZygQnLbQ0+MzCABFAAJCh4dAAEAGVxTAqAJ+DoiIbMEEAFCZqr96liGslYAYAfZcTwAAAQEICh66VvqaCSFOR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zLzEzYWViODFhNDdlNzYzMmNjZGYxYWVmZWUxOWVhNjVlLmpwZz9mb3JtYXQ9d2VicCBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6
IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146284,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146284,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_msec":1654385146284,"pkt":"tKXvZygQnLbQ0+MzCABFAAJCVPtAAEAGiaDAqAJ+DoiIbMD0AFBFStvgIItD4oAYAfZcTwAAAQEICh66VwKaCSFYR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zLzAwZGQ2YmZlNzUwYzAyYzhkMTBkNzExMmQxNDNmMzIyLmpwZz9mb3JtYXQ9d2VicCBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146284,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146284,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1654385146458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385146458,"pkt":"nLbQ0+MztKXvZygQCABFAAFR8fdAADYG95QOiIhswKgCfgBQwNwlgdAMRlWmyoAYAHrh2AAAAQEICpoJIgUeulbiSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNDU0MjYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhjZTAyMDA1YjJiYjVmYzc5Nzk1NTc1NmIwM2EzMTk2OTI2ZTc5OTYNCg0K"} 
+02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1654385146460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146460,"pkt":"nLbQ0+MztKXvZygQCABFAAXU8fhAADYG8xAOiIhswKgCfgBQwNwlgdEpRlWmyoAQAHoGUwAAAQEICpoJIgUeulbi\/9j\/4AAQSkZJRgABAQAAAQABAAD\/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL\/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL\/wgARCAI6AbIDASIAAhEBAxEB\/8QAGwAAAgMBAQEAAAAAAAAAAAAAAAMBAgQFBgf\/xAAaAQADAQEBAQAAAAAAAAAAAAAAAQIDBAUG\/9oADAMBAAIQAxAAAAH20E27BKcXAViJSJBAEhBIEEgQTAAAAASAAAAAAAAAEBIQABEwAAAAyCYGXpdICAoRFNwtkoAAADMSVVpqBeaXSmYkJglIAAAAAAAAiQIAAACQAAAAAAAImAAAgAABsACAAi1YGypYShsBVi2AAJAAJku6gAIJgVglBICAAAAAAAAAAgAAAcgCAAAAAAAAgAZEwAAwCBkTAAAXiRKCQIiasYAkAAq1B1ciQkiUiQCQBAAAAAABHBH348TWtPcnj9iXpIw7lmTAEkASEBIAEEBMEDkiQAGETA4JhhEwNkrvMyAKKMAraoOxAJQSXF5kmJICQBSRIAAAQArL5Z36Hy8UrVkpqnoEMlN24W0\/TdLxXUM\/QCrTncBkkCArYAAK2i4AAilwFgOiJhsYu6VgFIAAAFSQdLxISRIiJAgAYRIAAhDvOu+bnfmvalJnNLC0l73E50VemP06LGdLmaDHTMFRNYhVM0AZFAGXWwkAEABQtI6xcEsut0yVXSsQCkqAANzMSkAAABAAQEDkgDJx9ua+jJze9zsq519KVKk70Bo0q68vDsTtTZsyJvLSitdH1LZdyzXVoJJaiqSJCzU3aYRJESQEgABATS9BzathAAUtIAABS8BJEgAARMBWsVm2Cl5vi51ZuvXsZs6OeujmqhJl8+0EdHLzxdsy0Vb6VRS06eXq3XR3cdyXUbyHzPQSWUMtFiIrcCs1sOYkEEASRQL0IKm6wGi2EgAAAAABEgABEAmjO859smtLOd8Tgex8t2Oin66M1LXQ7fRjVuNtYGKurTNb+DdjWXdk6+tS1kiH00KJvS7yU9Kh7SkTM2rcABorMIraYHUuAuGwOrKWFIDQAERMBYACllywqK0VJ59Zipkq+V9Hy9aw9Hg9zdc\/cnWFc3cuLjdXXLha9EVOLVtTFchtdlbVcqHLWKq52JSM0rpWk1y2ZpjEtM5iQUQKG6c8g8iWgAAAKlqp2AaAEAAVVaYqqyiay9I3lWnm4Y35dF6Y85kG\/V1nZ7D7LaNvJ1IkmIlI9QzKHP6GbU7vlalCmMzFWOe51pbldoty\/PRz8nrZRY1dKm1Nc2rM3MQsvS9LjMCGpAAiRFCwnIQKaTWXF8T875PN9BzFzu6eZuWxOc59mY9nzek7Z5Pf62Xsehg6OO+jdzdTjUp81mi12p05QmtHQvz
FHouj571riMHUiJ8L6LozpfMs6ueuO\/RRyZ6KL14WuSvTjpztX0XOhLRXuBkRMBJEgRMIAAirKjOb0M0JDVO4OpiNGYiZglr5mPwnXHtfEev5\/ZHFZW+uXa9X8899ydeyVsmk78yrO3l4TKizC12uvRaRl6VHrOVO5SOrWrSedn043vszp6EMqhvltiTjdHL3bZt\/bqW52up1zUUWiLAABEgAAAhvmonZbkXjLqP4PoODsrMmzeWjuyfhnx7fI9f4\/ezkJ9r5O4zd\/hQV73fxup5fdptTJtz8HteD9h1PoRJVM3YcBHpb5daxVj6VVVGHFaTqwdA6cet2ZnUwQ2Y5ufqomNbsuvTNkRZKbiE9FkXBgAokoFgAXz+qJebyeiwxlye4\/NehpQ96Oz05uW3ksvs\/"} +02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1654385146470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146470,"pkt":"nLbQ0+MztKXvZygQCABFAAXUjohAADYGVoEOiIhswKgCfgBQwQSWIbNSmarBiIAQAHrnQQAAAQEICpoJIhIeulb6KGbrQ9NgAoPeIQXK8aNsRvWmWOG2+mJUfVc1tOfBUFm08iHXJpNv2Owf5\/8LnH1ete7iHIgeIQ+NvC5\/VL\/aRL84vFpH3hpuKGie89N\/ltwx+Jf3dMlyw07W7lY\/ANl1EAJvmqFKZxvNP\/7dp2qkMzGNaCj8Doc1sJJRQQ+ao9WYQoMiZ2FUxVUX6mhkQjNYtI4Xmy+wKkhyEHukERva96HY\/dXbvojGVj3HwIwCL7Uu4KCXJCOxCdfzRsyBCPbX85Xo3\/0i+EMzczsTrgKFypwzGJAzBLllK8mrlen1AbXKws\/iFuX9EFW9oTIIiG0ZW4bG5oE4h95E6fNS8I4kaDxPobJq1QBkoPqrtXoiEHjpKULTrft3zYnFpDwQu2eTvwy15CQ2tec5f5m1CtyPkJ8oKSdO\/aLi94jceiOZXraTb6+VbZVTT5v7KqPOtYsl8CgtLKBY9Ot78tCrSByNPAMDNF2pyABksBqbgNk+1a0f6z45tFT7oVWfhgbXl\/on\/kQ2tjjIKII+MrdKpU\/7Pps04g33RP6S4I8ga81Yz5R07ZIyJT6iuback6Gsu\/EUAaiVehLWhou34+zaMkfX4oW8nsmfVHl1TpepxDvzCEYnOi4OxvRscjYz8+bDhvRI9oB6DKa80JOZpGqnO4SIevnAUQte4KcbZKPz6qauxFKMjOPb+Fi92JZNBzuBuVci4AUSISUJZ9pDO344tYqlcxAnz5Lub9aL3azUFNTDSxweDEjd8pW4pwan1wijpkqLHf0vi8uNupO8FH0kib57l4ZodhscgY1lQi\/YP8qhWC\/Ub1YGeDcgEMSVmhxKOxrRmEMxZJH0\/SPVC1Q45KguC3L2a2vUkm\/rWbFirVKvRVj2Z6smUDwqdOzzvBk383pjRzwKiZn+50Qqi6vXyDKsGTAy7P8x6VRpnIzzPW60jAuNOX3Z8JKsQSoQbU7WWYxRsEMq2vDpEdVZDnVZhQNpQTkqwDBMcvnxKwGz371ROj3c1NoOOfCqOGX6dcQUiRIk77k05t4r7lBDoi3JaCOltfNkcyuik3r+d2D8rJRDa0aEaUWI7HzkzGE5xCg05dB
JQ+GbxLjA+7YlokrbWDOVI5+7T2BJvj5Z2gSS4bQyr5V6clNZrOF9yEP7TY6KekfQFoBuQkiruOmgQDE3GJilpZpNsJut4YIT7F0OaRSKrHaXWfoS4Pjff1AtIHgB\/bHOLbEtnRDxHNLviswASL0Q8jLLlz3TRCqT8v4o7cRzUn+2eKJxSTko0F7LWInRcpNe9+Y+33MXMVaDAOeHkemly1HrRGPpJskPnYelD9BE\/N2ZrEmqz0vzx+lyA9i46mr4QvLytJqjP9O\/HSqlA1Kx9fxOAXNcAxSgUCEYxWhNuKuqJnLtxuQZR208YZRatEdYzf9DdIBrZeDV9KCfxPH6XHmKZM6Tw3RIrVgIvV1ORu9gNP4ZxWngguwIFKkqm\/QJwvcuq8ge\/\/zWwxnlXlHBvEJwP5OtKAK0XftE6rJHP2e+bJbxwmb93eYXIbhGdyhKZmqch04CLGO8ZQspqifdGuUIlfUuJjFC7hqacsNLSVicuPJzBOyU2NXprEYWc\/OZbxibYqlUXx1QnIHQ5VZlumABcc0\/1T3FfnECTGn8GRjjkVVUZpIueMMQIx3l8RzJtDm1\/VpZNOhOyDZV1UCnbO7S2SykG2XtX4RCuY7OXA8IZ2JnjkHuxMay4A3uSWOFpP5WNNUcHjze\/bYJSsUoGQ\/ieU17tPeq+kN+I0skTj9BNmaip64x8FfSWbU+sFOV0QwBozGD+Lr+4Fx7eGgUibMhfEp33ZyZZa3ve8AZrylaG4wCMpTMxS0GbDni7A5CuyPiGXxt+Ero\/x3NbA0EZstWz0F5lDlbQrK1AfXK7WKby1kb1HGIl\/BAQCaQBP6s"} +14134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1654385146472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":10146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":10146,"pkt_l4_len":10112,"thread_ts_msec":1654385146472,"pkt":"nLbQ0+MztKXvZygQCABFACeUjolAADYGNMAOiIhswKgCfgBQwQSWIbjymarBiIAQAHqBoQAAAQEICpoJIhIeulb6tgJjnFx8hVIwXR4iVS\/qWz5n+Fxjae7ZlUqBpnRyPdUMUd+QilKzXl7OrNKxG+xfS7TEH288LHzxu8ZitSenHMt52H\/QkEpV69+4AxmflPbcyhYuNqtaP02igUNEXeHnE\/ugkiQLtQdebb8RWtY9VsgDPz9GUtPkZLj16g263T23juO9fsws38GXyF\/QUkl47exxYxCkNwjcpk2rfKmm3nQg7N6W0jqeFp1mCVWfSdnf1Y7Ic0aAspDn0dYX7ERrxAbYuaTLxEKrjn9xjqvkkkgS5vTMQo\/QuHb23Cix7tuT4Z1trzTW8hydtgFvdta227DotNH3yGBi4f+L\/4sXuucsl\/ZYz2EwWxq5jcSLqELfJHxFWvLyS92f\/OP922wdIMEUfGBrUGM\/B3JtuZ3WiM5qe4JQxMfqsdaQSk4KNPI7lDEQlXw1h0iteFlx\/\/sbXUFb7a6zxAGqKLOfVJ8nwgmuJ2JJ7a50wGQcZ5nLknIFyLr5KlKTMbvqLWFs2LMvOv6V3ngFYSqCpTCGvq3EMOwjXIRIIPG0xirKad\/WrPQ8qnK75ee\/4IVUZVYuQzRd7olXfWjNWoMU2XKEWOHVqY0lXpUYEDS21smZjZOKOEbaDcPJR3IR2tSF8v7lmhDnC7A1Q\/ZMUecW1YHLZo
xctM+TtOWZT+8NOrxJea3YCm9Yx1kAaAeNlJkXZxTsZx9fiGRUsKJUp87laAJvDIbOMmd8r1aoYTkTFmU\/sSJ8mQf2rPRf1eOXfHgrWYTr5hLNs7M38fDRwMZyvGfVF9JaZJr7oby8iyXNXc7zTY2L\/7mbvHkCPWlgDez3Db3GmjmR1B4zzKCnOT+ig1lwwIJo1WP+cxiw7N2K9r3vspvR5Vcuvuh7tgHpWqmAWhI6fetLr\/c2Vl0iiMIIre8vZpLEHW\/nohVeVVUderzf2dVhF2EtWAMquqz+sXVK0WGqetxa0ic3Oqtaq26N2z5MTbOtJmKxpBzaXCwnIzJfbkvT7NrL2Wy0YeTpBNp\/qObq5eeNpmjp1rcehffZdHdR\/PROFB3yNO91UKg3br6J36EchQjn+HHAfILGeZwZXM7g1tOqRvHe74tZLlvy11rPmfX1clEcNLCqdrXEZs6S1hXdICGrhpqkYawHpcEPmYXJpM3IoQIL6\/UfuOmin8lEdLYY6JkRJggUKNF3GopOMtqlw7cN6WYvnHBpqPv+d126Z4G+wSDqysaWGFBAN5NvcQbJbC6Ll61fYucNIkqNOL0YpI0ckzNHkzp7ppuY8oO9Fo0pVc\/ohgagsAS706RZzqtBM771ss7i6ivGHfRBZEjjDIPKsv2Sde9W91iB5ZG1lvOyoiXq+e07SLSxfFtviLdcctt4TbAeowmTgePDz0y3L9AurZZjU4HIorixz5KJ77M2+G+AlWnTOSYKMX0u9tKolMpL1eyCxnoAOfARlh5LFdSrBlImUb8\/QcBlj5qeZRDZQU0B+EzmE+arAHNjN51kGTW6D7VQMJR7u4gZ3CgkHpJn92AK61mPx3iPbbQMIpDgyBDREkqY+81rw9F+VEBGuxGn2OHvqi\/vOzeKm9iM0LloHBhmNL2zynkkneVPICTPD5SM+wMcfYdktvf7olC7djwltDQ1vQJ\/I6RAWfvx2ILm38PTiTvZIBEmYnoBQhOQ0E9Tb4QLfGTKne4btkpduZDgVkqDxDm78xzn71taOI7rLMzMH0SBU\/TziyBk+2oShCxYgmdU0iKDT8r46zjZTZS6v8mEtsdjmBbH7cPpyTT7gKEtnM8zptXWSIhlVykpGlFGFVQescLnpMRvIoRiJxd6HY25i8Q8badO8aZYOw0ti21cGDZu\/crSHqlLbfNys9iM3fwPZY8F2upWh4BROkh4t+NK7aItRWXKGLcjiH8o43WjkrzjhZ62eQB5Wlcc+8CD6CzKirazoV4LzmmyoNOd79K6CEyxZs7LfkoWUz13vIVl5saV+gwv\/uDP2Ytl2FPCGdgA\/v6tuERAYkXOh8gIh1RlzkPREpEf18veddCRJ8z6MI1K9LoTela\/e9o2mTY2e78QaKnXoqh+gJEKGbQQuqA2rJhJstN3uX\/EaXiA2PLbbBotmQW0YcCmKQgJE\/mvmHOw1Qun\/4swBH6823HVEWmKBvS0oVgAqI74vcVeVMBLwWco9z3HlrXT3tEaneofEZozkE7cn9vQB9DnL+4knS9sv3ucRAaCXIaxI7xyr3FbUUZ5Rzhe0H\/cYTVgieCFjpL\/MHbGwM8eU85\/OtgxMEUVvx+FYdQ\/Xus4ZI3uf5Sccum7RwRDv8sIndEhRGPvW6LqHIsTfNccr79CHKeIR7FkuijEUaO\/OqYmPbzQ9YkqFMB0+Tu2de\/pxeyvudZ\/WVSNhP43OsfPzA72r+zg5t61EFhlrL5bWOOEBWzBkPF1I8X818Sf5\/376K5qlegKQkwXbKRdlJ+dBlPBuUql1J0vaDbHbdtkri1pYwK7wgzini332ipIKeGOeTt5wWKs\/UJc8BSkGmhIG8Xe4f\/NsV5rrZCacV9nG2hTZxgeB0tylrutu\/sCHQNDsVGkcvI3gBB3q\/0vTOgej\/JcQ4b1+hotEGJylJ+eyNmc8vorXCiSHXRHzvzK6jk4pp+0Uj
XNTxLiHVg4qUFAuiZDIaFzX4O6D8VhmHlbVkYqgJqOX\/uGR2w48wcRx9Vc808nXu61mwFTYRoiQq6\/ejhNCo1BFujUS+hAxzQetpO\/K5aXDdT5Q4tardwiCey5R\/S0MvN5lfkF6zaPhPSYKgg\/PVYZCAciZA3MsJgF49NaKBsik5yEhsb0fgHIH4GeJ4dVGypxdg+2R4daILk6+rl5UnRJPB7824ueIIesQbwA0lA8APOM9i8n2eIOONbuW4Fch\/s9RoyFD0e4YfBpbfMeHceRyVw\/U8NAA5miKE7gJ9GuxC\/pLi8D+krZcFlG5qjZxha\/2jvFLl0bUDdodexooW3iKcNN3NfGh0KXY0d1erClHiGv\/E2Ibb5QUKKhz1HCVfievXCuKd+iXQXwtn5XRQBAaoXdqYslwAQowDTy2gnBMtD6ROBrw\/dyxwRv6sH1TAiCU27nx40639\/Kn+\/kwQflJnb5sjgxAjt821QivnJMxkYJXQSes9hrIx1+nbdW5JwYP22DoX\/Iaf70c5QuYAq3SeuASr+5zuspK2w5qYnsSROZDDRK1QTlHH6uPedRlv9zXiHIQFrgkR2ksd74RBk+t2ovUESSY2bLpgp8wt6Rc7avWpejX4lK\/vTU+HrSv009gZNULrkFU9\/s6bchhE7dkLoaS9\/GzcGhWo3CsP2t0nCGb\/Td2B4xrEPMjPUmL4ec+Izyi00UCIQHdfHsIo6Yd9+hdY7bTkFVVpPGwAIAMYFlXoP+4dIvcw0SwDKskFVWrE53M6bGPKkMA9fESSRf2TnVsJt15VCvXBWWkgs1da5ZsxB8Hxz\/dYLjutOpGakDlN+mjMre8L7PKV4IjOXfFHcklueZlHFfMiKOoAxAnQsxhugdCoiNxI4bCX\/geE0qtc5uywOU\/zahO8RvxDDLxVByl6CpsYll7DpRqay8ia0LpurHZOx2CQoD15zpPDCwpCtrdWUoyRdrGsxmrJ2BOXmiQvThstJVPjn7OD60GBa9VTfhetSOE5A33Rrn5fog05TTsAblGiM3m9yb24drHjEj4HLA0FzYwHEpoPH2DAxRl\/HcA1RuOiYRnNIrcG7werbjY1M3Sa327qYs+3pKFYs\/a35vcUkW6dvfmHWdKRgkl\/lQ8+agNAxx7ytNkTHTtIqy7B8vZAL8KUlPxSj0gt6f0aahHlR4x8+DpVQ03HO6DciE1DtOwpSAVp71Kx1IN67DvbZE5puszzpjMOBMXrHN6EAiyiDkBLRIljHommON+R\/R7kjaffp+gcXAJOOcCJgwyYulXqPEcVjm1lVMWAs1unY+V\/F+uNEJlU+n7ycALtMx8JoapYqpZ\/YERl98enXpnS4JSwG+uXe5eti6wMKtUHR0CpD0ZTaMF8UeGRH7e42Bzv0p2Tu8+lmtnPsKgFOqy4qM8flcxd6FbT51bQmVGBKOz9hsmN+xzNeSS+G06P+gRajneelM9Ml6rshA5Ze9XZNevJ5URGA3+\/4zmL4ZChYcdSj\/dpBrk7KKsyykmGEDSTp0wnUcOoEbwOwdwy0yJSEcPdp5r4I630fJq1ThajSOsveqsNFTGmChRopw616UtUsJ34ZHIEkewDajBG9ciLWIlp9JmiNQA5sdS6h9RnDTz4gD0aZFiDLoQvN9kPOuOrWZL1brHSxQcSnrfMBFNQDS\/T2UGyKc\/3NhjlcLneltmMwChouJwrB1wWnIC01Oz5ybtO8pgf3mNoiFgyjsWkdAUm\/Ilybd1rbLiMUzw1mCAstjt4EOmL7ov3wAjxxXQps5EmW554KBvP1pDfN2rrVJj8KZ39yz2IbgzFEgyGCjwvymAdcelaUJTipIuCs9RDJdcgmqgxPTZvY0sCT6yaegqEtX8mPz0dFB1wQRMIMB3iywLf+BD8w2hn9fbF88bQRFOTjbN9RJAZwgsHlzOUW0OITmS8gMTFjKFJXyDwGQs4V5LS7fkoeavVxpcE
nLxnIotXgNPlS6kU3L2b+eqbGq3yEqaqKVaaCBZKDHd4RSvx6acZ5pMN5tixoPl4VRZTUbncjR7CqssSBkstKemgBJcL5ptv5lHRt8KC8r\/D8drxpQU6SzlMe8Tdv4CsPsMIr9ShohN+dGdO\/Q+YZ4MlJdXIWpPVis9KcBa3BMSAQLL+wlyCrC1DxOauyiJX0pZwmBAP3uFWYpTYr755AsZF7IZSWbLH99OcdO6P4QCsINoDJupHWX0kT9\/ILwvpJZdiJQ78usj3ggE6ufPm5r97uptNSwYWvSBqmpmh7Os4JXPxuC\/oYA9qP+88oU+8sIO935wIdjeKeCSU612zzY7tJRMPJqwyaKqX3F2Ml4mDMtJUpcDHDxd5wHlvcRljGERWhx34qQJ0JL1LapC2Yuq4xWUrbCUWIVjCtmYEfa\/GCOhoSh\/4je8dI1vcbamF7eNP7KRXq8\/j7\/0nPmbGsfJ87rF4KGJE3MFdoClkAlUUrRLaHhiG4eZ9J4RLozN7GBOCkVWWHN5ZAcZUx66oyu0r3mEpWpEYuxlZEtQ0a+RcselQYXz6IuCnJGCHSF5B1YQT8dtCh9Y2xHMplEk9aMjzAZ5TsQ0q0NkXMybToCx5ubpzAZVkBaOnBDwCW5JzH3qkO4m1Y8AzssNxnQddR29gzWPYQyg0Dcxm1OWwVAXNJ6\/SX+S4aDPDV8ymCuPPXQzFDKaJwJOJBrmrARsHZLfI8bbIQ48Fh4G63fa81NkkjBQxfp9npgdy\/bdQCu13ZEFuauYxibrh62hDGVsCl\/5SGVGkTy9NgczZgb\/uar58fVvbN7SIf7HV8afG1gmewssOzVfLq0EfY3Ny8+KiXGGbDHWzNN+mc76\/nymmxBGf58LS4248blw+sucBQGQVLLDUzJUq6oCJofVMo41GsNYXtH6fOPynAzsThq0D8e+jjNCAqLVtm8ZFeahT2ZPmol+LspHBXCkp\/yVPnNsRXEIy1hHfAlZS0eNlJe3RBx3FXhymlEy7K44Tcf5Ni76LhiEOGvYVTVMa27PUfsI40MkT70x7ieJ6FYRIKzUIbAeMHnpEkcHFPy4DbfR3wCD0UChKwSlx6Kady5x470xmBx8VRGz7irKrOxiLKUIWgrzkoggeZwA+lAGQDrqHT4AOKTC4DlKf9XMt2yEfQN1DUxCliAnWe1v3AxbxHAnyrrdBz6rSSe\/EJcFEJPHQDm+UYHvApVKxi\/gRer4sQcA9Qcm4hgZstp4uGyIRjL3SbYY5uAltDI2U+EomQE+SZc99KHDAr0k8k8hb9Gg70cpj29qmGLTPb5l\/3DHw3hH2ywNNERWgs\/V2+UZND4pdNNwRg\/WA+n9o67rtYl6LGQao0ud4GmQNsHYt2eZIgivRYvM3TBPzIaE0iufnYlLjU5EqGxmZxYs40fwTKrnZoQgbAPIbIFFZg6BoCWJhCmgJD78iD4XdzxPvjyshu5A2Z2bNVwSD1OLUxDVRqMgDlcZKJfm2T44YKUT52rhectH4b2OTCH8c1O1WuFpSgRsi9xHBFQHaShA1XiZk+5tiBMMFCLFcC4MqRhIryL1Xt9kVjVw+bLo7UNTs4gMlwM8op3FwFU9JdV1TUw4911Ic+da4z2g0M4eomEnD16ypzV9YvE7PbfX4mG6DIOC7sus4qkeLeUGh+og8npF10LZ6uMQ7NO1jiICa74N4qYd3biZ2PKKCUPsRwiQ8GC4+aFT2\/CElHV9Tus86MeNo1mbxN0MelU9Tv3Re3vPhxieigjbNNg7c8NH1lbKWgphzZEQvqW\/1D\/3eHKWu+1spZcYRk1Cz9Xq47QMTDt1ObhcMRa5MC4OOHU9i+rgy4fH6BSRbTrht3nvfqMzfW\/xgs33D0hwh1eVnBf0PGbhUThT1lBj1exyTJfY0HWfjSfQMcp7I77rxN3+YWgUHV7XikoArasQLBJv4w7LEHyPYY\/+Vj6MwrFWHNchEMNzwTrvd
5gF2snhY5eOtRIPg+818Q42DU6OcV4f8vlnYUQXHJ8SkRn+4youn3U7Flx6hzGqd2Kq6kiCNHucaRMmTmTslKYPmix\/DLodndpVGjrAX1amNgwhKlXOsAMB0\/QNROKmcB4zyic9xrBg56IIaTIyKlzKqtQmPzvNxhGKlRMnOEmeJz484gugsUkGQRSGZsTn752c5fp\/IEqJ8uO06Q2Vk9ObzNlHD2qPgNr3K3prb\/xFlwsiNhd3rnU5zIz258tFai7AkGw02iNoM0TXj+mXQMzdOfh3mJ0aCjK6QIj06WOb49ENoiSpchtn\/rXre0PqCm0oC0LPzaEBWDuGyE4WXyH4B7RRFmEYW5slZ9NTVAoOblrF12bwGWUWZDXYeyloF6n2uG\/o9NeOXOAgOMUn6Qv7n9BuhyeC2CiXSHy9y1DZpR8fSv4tPvT6pSWBaQzn5OybvIa4qPoDDAr\/aevKfSF2fAXnhgGWBUOOTRt+hLhFaJNdtqvRBdx51pBwyIqerZQgU5FRr8SgKQNR2Y2UhyDv23ipzi5YxCcOTZ2jTSqzkEdi3KYA\/wG2cHQGq45NoCTDSnVcPFIudxM\/3a5ry93rXYJZAqX2xeRag6MeTog5DxqXTWxNXleuzrGrp18MJKeuCGoRELstSBk\/OXSRnOOFYAISrRtIKiI1BDl2DG1FmmhToIftE+V7CVluP2754NMSG9uzEeQs3I3J20AiKP212JKOjSwfMFHbTzB6c\/OS\/Dm0j1XZljzAYlUs\/kR1qNINEaMAzMk2pimuLm1hyN5pCk7gZCbYyWGF19\/AwcjkwRD7ghvW+nZXFjdan8PU2wH+591yQMbZ4MbTPbDRHzTL7S+MBYJ2\/sXwg2MY2ZLdztxWVvTvwKnb4PuBIochmxGSp1IXlXQtqTgOX5IOA87fk9yU8i9gc\/SBU9pLrPV3l7cVmIltaUP1TvVwUXppaij\/K5aaC2mJHbFTV4B7kJBIBm8TkDKSz4XSAvvMjAepqD1w\/bbYOlro\/h5d5JOSsR9PyLluINE\/74JuqI68WT6pjkeMox1U3aIghcOOrBvzNoBWC2zU3s0wAhOhXJ5utKtCv\/KPcWNPLlyQqVLFYwGgRuUQqNX0zUfdr0E2gdcPE6qpwGANOs9GCCLDTiiLS7bWx0EfgcReMav5+JEGXSdNByKxrvNDELfM2q+bwY61CR38rzDlmu+d7kCAJE0MfDfOLlvE8jPIcfNslyerg2Niox3zzOOsva9xFQ+7GfKZNfnjZtuNFyHUvIFbrlEpcW2H3B5GCMp18jQh8pWrdZczJcc4Aac0gIh\/f+5s4pgV0LPnYCY8HlcVR4B4j4rf4MStSEHzAfZpX\/kYYtsvurzT9EVgYdMvT8FS4jH1W2j\/U2PegzKYNnP3wpYj9CFYKs2jYvLJ6jvD1XhhfR3HRnE4jc6VMq+DDRHlKhG+mti4SyS7RbgLoH\/gHbyMTarFmt2bNHYKgQjqXC0LQQBv31rntuVVHOOazc1DgG+ROX4T5TvwQs6eGOsWbdrcKWpAUmYroutV5glxQd3vGWZ4LdHNLGKqFDSFYJ1I0CTO38x\/0iw1\/MjeLEzEax+jzi2\/wKhjbPMsNk8t68JhGz+VuwI+Z5Ej3HZjM1rMIfExPRP63c49wg47vGSDiML3Kmr\/StRE1KB\/dkvjdDFkp81ryiM0pXrciOaFy7FbL0Dp3fZxLadEpfIvFfiC+mJ2Ig0nQBpqbcfxtk+uFym\/A3yclkZJ8EsWa66dmsk7IUIuXnp3apKNGJQGgbKfLFoWVWK9YsgIPRVOO75R7xDUz9q+\/wdhL6Bvp4iVjP\/YAR07vo9gAmjCQqesZTMhTVAMuXwlERPWl4wtpF0b5ylA4weK63l5VHHeTekepPlmM2ZPgEhPena+eVgrgDpDeBxLVpfjhJdh2pAkFl\/Itj9E+vplhUX79GInBhWr\/Rf6Tjy0aYfZr0
bWyYSBA4lA\/R3m1Twy1xWEASJIZt7RakdMzwqSqsG9lO3ibhG4+RjlC4e4GdCGiyDQQToec08qlMrsb6jxurIYsIGEk0i7kTLCjGpt\/7opsmGBM18NONK6EMJiKHTtJSfE6GUrWpQuY5SLFCm6gA8oYUuWrxKHfQRd\/xxiqUOBihtPkSKSDaltV17NwQz36J\/hq7FSp7FqFWILEjYV11Cz4Q8VPxjhoJHSi13GdXpUqGm0GBbQeg63FDVhJQnw1kGtMib2Yf9xU\/2NEYFFK7LIAJAM2C\/v7UelbF21DXicOd67I3RYOxT1R0rQngFVKN0WCK5NYlT7XyG7Vg7YSWOnN7\/AUvIifx6LyicWi1MO\/4j\/tgTPePrYWavU05+b\/X0YGJw0tiFpwX9M80SUeMxuOtQytXsEqklHKltggwksPL2krZgWHjICBOqob2ykobwQ0UULykY9YgOW56Wme\/aLiUQFq0Q7CcJZ89xJ\/42FYJa5lXYH0P\/TM4DppbEtyPFNh\/67NoELB1LkZzEi9PSKyDlIw46NiRT+b8O5ewhbmvpaPcyjC4QGwhHZzbE41F12Gy\/a+cthlvd2qqfwaADTIaDQaJdI025YNkamWe4oPvNi3l6\/btVtWfpldldFiHyFKr1pGyZMk9EyWmCwq3P2mU8qw0zx4eaidYcuaF11F2nyih\/1jIDMAv6DecOtXXxaC9t22nVGRSN2I8zQDT9Yv+g6EKkg5IoICNkMCVyz92eHyfhPo7u23FiB\/HYWhItSJu930LbuZ16E7PJVHYerZwOmqZ\/vHjb4AV0+CE1EBQsVH\/i2r5kHBpovfS7O+8V08ldfPT9A3jWuRmId2jZeFrX0Y1jW9PPFq3kN\/8Ayx7DJya0qzksVuotjIrX0kEdictLzsbhV5\/0DRM7eZLpfc2JKjGndPrkLjiwchhqshbFfpzbxelwMx6zZvb7VmHdVgFsZB2ze7oFfvO81oB5QZJiUVbpxPx2JNOIx\/pUhvvI87IOIge9wOl382BYu3R4q7BkQ7nVP831IaIBxMgFCR7ue0QA5EdpeatlCYAih6CSKLm\/EIRwc3WEUYMdgE7QnPHHL087HqX\/nntbgbSfLUOAnAXQkrDsSI\/TSAxhBaBv4lWfhqaBNKqEQBg5aP\/h0Ai59KLBeMmkDbSqMKamByL5gQBIpRS9y4DrX\/1ERo9Ya59pxvDSpoLKXesALpxgN9RW16xMT7IlPWcBlscjLpFdFLypa5KLH+JTwfsacKE+sa45b49P3tnkUng6KPAvvPrEfY5j4Ds9+GkLoSbIbH5pITuii2U++Fgyh5URgBWDAKBXhsyZpFCAu8Ej+EFhSgesLmUb51pN1UQjHpHOpNKENl9i0RNhG6FXM1qXkmMu2OfRbi2cGhS3Uag2V3K3TnWZOyuwPzDfHVNY2hiKBItohKS2Toqg3LdwIX4ALpN6jwmMY1vJ5pN8xpvy8BhSbpE+drY\/Um26d\/568MLTQYvxke7bs6JitpSjGt4aTSaLzEFOAlJHpgrPvyGdkbKOopCOalf5VBHqUYEqNlCcQJZGcKuibaA+CKhOcASVH\/dVK\/LKcHrVhSKTaRPzOYsOR8cAZDnbAUwFggdNoyi5AiVdH7pYEQi563d4YRRkaDPChr2MwLzQE5Z2eygLLEUTjZauDGSZY2STnngf\/IFlcIvrZPeVh\/jylOHbUswONx8QlhfQYnnpy\/R85Na3DWMvwXLNBAqERWkZZKomQMIbQIRE0qyaS8pD\/S1iK2i0+KCh9nzrezGe2syhY9R0fJ\/XdWKevEaiI7kaqf1UefkR+nEV5Ton0W3N+LiNBqHq9gt0TY4ck8lB4MOrVIWh06NYI4dqR2XxG3d8UkPSyGsXZLY2DwVVGbGGG3rwPTBOXnxm94DBLqQATM9q5DPAAAx2DozZw5dByVWvjGoJA8EL9VQXQu1lEGLqJYNQyIVCkF
6QW+5MjxYTioE4qtS8rNVnHqY4P21Cf03AxWuudr20+kG92517E9SQKKnas+QXUuGUrnpUjVl4By\/KUFnJ2+xdKCPpA+KrtUxlUnhmAvK7qpU\/U5QYVZWIgUVItSRUkOwG5PSUEUhbpCYjr6yl6lY88iNEysyPHFRS9YSqySI0eVc4rm8ImRTMH+ksOCPGH2De5Qn59KEuuVAecGPg2\/Mcddhn3Py+S8ulYnzyXMfE3XFNwHBvEiriFlv0XIjjwyA0r9hXwjK+aNKve2FnBMWar\/l13ISuiDDW9Wbg2B0b\/vKVaotaIqupOH3j6LXyhskiKT3XLI7kub+w00Rn3C\/2vUOopzgJn\/xBSioIUg8DQ8T8MFORO644OuC8Zg2RMpkd0tJgqM3LWCw3sxuSh6Vb4bnbfBDuAymXSjn9qOspEuBCeA1Hnqk6Z7EQbzo0cy649zYnv2ti9ahEUhoAM6L1YzTESZlB15lVjy0qDCdjPm+\/hz\/W0kOxYPfdhaIMKTSj9xaVgzMeNpmM0S5rGQwr3gvyFZt1867yMXPHyrpdt1UNsFQKFZyfbkG32GuCiNPP1\/QS9MzblcB5bksx08NY02uG5jalIPOsl3bAejoidRCqbCltzBCzag4e7AV8mQbO9hTv9z3eezvEGVMUsgiRjtDYdjvfVGBECkbf0ru9ReTmeGO+XvPbgeh2Ytdam\/apmAzbSJi1xS8AmGJUoNBA\/uhYrOfNjLMBec+NJqM9y9hzTfVeV7g8deX08XKP6Wz1myxKm8StLXGSkGfZS4O8ue1F0t+84XKj+3ZDouQUimMXjbIfKPaQhrIbUMK0vNtEpl+VtmSV4maqKwSVJ7EKWx8mI97X35iYPD1tvVSsC+LuPG1sPdvVCWQAiSx5sPOhx+nY9D0WgWtXvsyxMmXXwsz5yDIIG9aKaobKMQUTL8bZhrsfxI8oD2agVb2nqUAjSKOh9zA\/9wytMaN25ANVHe3gBEJur2EU0X3hOY5ITCD6HlgNXujbF0w1pIHw20BLpqBwQEEkLcHAg4VHX4BErQ1dBihCwT\/2cz8UPavHA1vbsDMAzxL7HBUf8cyofB6qUwvEP4\/O8z3KDrPpiGvBX3vGX2DmaYPwalg\/6jfs0hNG48mzt8+KrQoPXg1DYsRhwUShkGdH18juAZnuezGG9WMvdB3335J6xvq5xPaNlLrnyvPE00KysWdfWJefGmFNb2PjVNQ4jPs4ADPpqCp5NS55LkgFbcWZeLdV54Km98\/nNOiq72XXX0hVCnoHf7x8MuDyH5Z99myGbQTEr28pbGOfPXI3Jc\/u6q48VW7Gf2nEAWjg3fhYvhsAxhuosw\/1EaG6p\/ZbJTxd6CN4JLT5seUTCi3M9JEJm0rqpM4PDjdjWIAgDQqDPY76K1vB2PLk1lvfOfzwYGVj3zOxWP0mFhNK94nD7N3RdWWhuPITS4+5DaaxXzX1CQvIHK3CFA7j\/mjof5K5e\/1VV5szNtlTZHK4KZbzNnrMdm\/VWJGF0BrOVYUt0Sbox8qJLr6\/GwQJMk6Qenqonnn0f\/MPHWKYj1T5qszcd6n99XKbhzvW6nsb5wfGdaVhsp0WI+f7oMOfujihusQHk42NzfeiHuuZye5bILBKJs43YVrDT4cJSW6dKJkyg2t0rrscPlPNCdX2lPQIvq7EnSH3ACRL20hMeltlKW6O5c7ChXj+Pz\/Eb+vmo0e3DNCUI9apyyp2e3PgufsUcIkO13EGoqcXkimky1tZgX\/9bmhoxlxxUD7MhwUa3BuDottTACLzOvV\/prJ82LaEy\/UQo153zPT+JiyiUiAubV5ORlTSfUKA0OMLpIIUp7cc4fTDsEA80uypKBtae4x0LEbe+n7ERSTiUt2rWa5b0en217CsosrDNp0yJJlyM50Y6SPOGqvMInpBnZCX4ar7m7Zn4pvvNMmY4zwvG2KltKcdpuRZoVaWabSaRpQFcZCpD
Oa0fDb76nxwiIzH9mK2mlJ2VXZ35a2mmQVjdIfHxQAD20lwC9v9NtkfHuvd5D1Zomk4+i3C4WCanyKbxgGWu9ey2RAtqmKIAodDCCQCPfDkDQXsrdCM\/GdiC8RaY\/PlhKudY7Hsg9Dkvri1jMKoPWaTG0EQTLgPENU4tW5db8rawHN6ag0I37KiQuV7bX4Us+KYD\/G0wjqbsc0MNgE5TopN83GfdbMHM47m8xslieKIeWwh2yhJ0oDDe+ycS5D3yGepy2vgQj7gcZPpNZzHI8dW1I9\/d2z12KhcP1EFKOVbJ3C+agb7xgmovXLvnNR5ve1uu\/2B3sHt1h20WuMptiUGSKyUWmXjED5ECXcUOtBUk52E67\/Fcp\/1WVIMkNx8FYoRMsHmOR67K+ptMDhks2raXq6u0EVRyUNZ31hfwA9d2f5gfWL7BCev\/xhVW7Vc7Row0PSNajmpiuzsVqnaCAIZY9M70CrsgZ3vtmFqVaU89UJD7q4n6Pu9YGh4K9SDiG1gY0EG4QWHI6lp9FpFfXNvA8Db2MG7aAkeQ1nZaljfPy4SPh6KU\/ocbwtWf0JnzPYS+CU1qKrnG1G4Qo+UzoAWIIORIsCHCthQaxukg3CAu5XzfhZtc3nRZS9IUtvQORxhZ+HSpozkqS5VLdbWAOlsWGIGpkEmQOT4VSvcv8Scw3nEnf5f57Mckwfcv\/48CL9BxG2tl9S5im9NV0esQBS4x4GlPGhzmBLibFPumvGL0AoFt844Lbo7iayKSyKSGH4rNVBladJTlmIwV5N5wMjROgBK\/85+vHqE3VUGS6njvdkSBSy987XyMa161au6wYLeBOKQeGotUtQS0Ln52T9ESjQDQU89uoKDcxpbDZx3cEZSkiDymkaUkQAKRrkFrvO7l21XPFy1VRYVBGst0rDU\/XllzzY\/0y6OEd7cx9YYlrYJfcA\/HalWy2e+\/NJQZ0jg2hXvDZSj"} +01041{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385146276,"flow_last_seen":1654385146472,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":10080,"flow_tot_l4_payload_len":12046,"flow_avg_l4_payload_len":4015,"midstream":1,"thread_ts_msec":1654385146472,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1654385146479,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385146479,"pkt":"nLbQ0+MztKXvZygQCABFAAFRPDZAADYGrVYOiIhswKgCfgBQwNqXNB4kXP6K3IAYAHppHQAAAQEICpoJIhseulbsSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNTQ0MTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDNmOWUxOTYyZTc1MjM2YmQwNDQwOGVlMDFjMWM3NGI4ZjRiYTJkM2MNCg0K"} +02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1654385146479,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146479,"pkt":"nLbQ0+MztKXvZygQCABFAAXUPDhAADYGqNEOiIhswKgCfgBQwNqXNCThXP6K3IAQAHoH\/gAAAQEICpoJIhseulbs2EQnm3dW5NpHc5sR6zYFLkK0FMFEDWcY52F66EPzn3fkt+HTn9roK+1oYu+87d3Fe6e2hB4Cv0dyvGXqZhzGtjaFIs1sqpNyDme\/d2VPz2vgTvzWfwec81SNc+Xq93Fp2AYKjQ\/ONTs7l2xm6I4Pj13c9pp5szRNcue+WfKu5GqQ3MZhEWBRdWFdKLrXGxOuP5rY8yyeq1vEsI+\/6PJc2c7uZO7u25ZgAbqjvOgcMfmLD2RvIehRt9zwnpsrh7QVlOnnAwWV1o9PWHVgIvCIIypR5+xplafVx851crHU7Ea+l0Kcs1DTz0toDnI1EZdW9zy2zN2PNbCLAGtcc6OLhflSFbHBw\/EfUPBUQLNIU+pdqaFjsZhKyfASWUPGCDSkqpTxGb7HxvVJ\/ZQHz2Mg0mH9On5j6AZ5bvoZxwML3kjfOp9j5QMpzGudiU2oIzt7zHpLy0CqktzO9XlzYh5XP165QEpygV60+0i+ovXlzhktabSr+BLben4fcleuk9A0TPDR85+i\/OWzjvoIZZv1ee8iZXVqNDFto1RI6QvTRdY+afTvL1TPRbW5+npW9yV7XVZadevGNbdbbs+emxG8+NnhLD2wmPVBqiS7o+
iDHU4KUHLSpaadedoIGHcdhNCnHr5Mq7QmaDlKnWx9235r0vPWIt23fO\/ongWHoNfxHt6JNqXUqlcTk9OqwlEwP5k6H1swNo0xYsXz9Xb0mkBY1nn3CLOzFaZuOz09ppC0hK4L0bIAxwipq5uliADq7KlzXOqXFC6Xq6mc7l1WXNDVZOHFxlq0keNc3QXJa9n8\/wDfc1C93Ze8R7fxx3lPp3y31dB67u7KQ6l1xVXeQ56hfFZvXUr6INkuNCeRFBu7ULwxgpEI+ZUis7aPCVCmWraNjWRvtxWiUnBFQsmgredu6OR16iN0w7P08TUt1hNCq51iWhAuW4XUzdSaEg9x43Wg\/qpGSY7y3qc4j5hr2+hPlzAKBbp51NamSm8O3kbrnU9RhEhXUWq7fnKNcWzAamIoQ6gMJOL5+ntXl6Mke0PBGryysK0yCyzmivLYSTHWLvIdtpXBnBNDIGVk4cDduEV7NgNCXZmaTQt0dXaR2qN67X8L67jq6tDBnUdclXcvc+1+TerLsVtWq+N9QbVnTJEypzXtpIudPOXptSUuWtJwpko62V0M8kj6TMa3kRVMUrcHlm0WZGk9dSXDq04+57oUwqWsvULP0s2nHAurQiaFQvGc8EklVzkxFVxmY6Nh+r8x7WJ0AMxHUuCmJRSRW8\/6EXnWD+mA95DL3c\/QLIfVVmmyMV58crVlchFCtNQ6OtRaZ2mgCcTqcqFJwlabxIPCLiMKROn181NYOVF9jvnXE+ptWkvSdwN3Cr54+GWsqgtRm6swWSaXMNybi+xupbFn3nn\/AEfNomOTd0hxlW7Cstn6+ODpj896OqCuC0uuzS+g\/PAyqmZDKMsFoNlJR97AHn308fRpLZTqrLOVHdKkmJK9869Z4OoH6zyJaJ7HAHLgvU471Uwzy+gJDbWfkxw6eZfnmmhtTv4+NTJskLNJ4OqnS2Kem6p9Mbu5tFeuD3RG0pjKjjs3Zl8B6lzzrnYtxloY9KNAy3VxtW1WA6N9OqlijV1ysABVaCWZLeklCLl+f0kooetds5fqlCmTOvl01ONx3tGKF5rG836bApDUyPQ52GR6jyHrS4cttOfTgJes8z081EikwP7jzHtJHu7p7u7tozWvCLT3FkHkZmwi0lyzPHK3JQi4mBqQ8bgyhamx7u4hNyIxEIwVrSgoV3xrLBFvHnBeXp1YCF0vU+N+gsnhNI2li71elosslRdE\/jfSNtEZuXfPfWeTTsfWAzGZdm75bUWfnyM3a1Wnq6kWie7uG4cro+R5loHRh+9+f6yb1xg3jlW1iubTHPO9Z6bS"} 
+00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_last_seen":1654385146496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385146496,"pkt":"nLbQ0+MztKXvZygQCABFAAFRYcVAADYGh8cOiIhswKgCfgBQwPQgi0PiRUrd7oAYAHrBxAAAAQEICpoJIiweulcCSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogMzE4NjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDgwOGFlMjgyYzI3NjI2ZDJlYjYxMDFjZWZhZmFlNzZhMGEzODM4ZGMNCg0K"} +02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":3,"flow_last_seen":1654385146496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146496,"pkt":"nLbQ0+MztKXvZygQCABFAAXUYcZAADYGg0MOiIhswKgCfgBQwPQgi0T\/RUrd7oAQAHpAqQAAAQEICpoJIiweulcCUklGRmx8AABXRUJQVlA4IGB8AAAw8AGdASqyAToCPm0wlEckIqIlKHKcYKANiWNuVSIOIssgku+u81XoBT3\/LeIyrp+8Q\/bpO+8rjk\/xq4H88\/fn2953j3vqG59Hq7\/5fPx9LX1a\/pD+bV55ntZ5hh5IvnfX7+c\/c\/8P1rP3XLv2o6l\/0H9EaBP87wb\/X\/6\/0EfeXqUQuPOlBXdRfkeff259gb82PYj\/xePv+Z\/53sHf1H\/M\/tn7xP+r5tP2b\/d+xp+yW\/UiY3RZLtT4MDGKDY81TAVspXTXDGXJa4s3dqytWghww8+TNyimg4UhGjtsAotyww4+R1YOB4C3dEUzv+s4TEyPqA7x2vP9UTSksd8ePwx1tvpkwm614cdoaVp1QQDkBCDyIaWExv18Hup+j74D\/qcAJQqC3jkpSy4Z7CSIqzQIoGRKCjGFp22u5gDkFqhyWEs5LntkSFZUEYYl7xDYtcp7nnqWGUQ9HCZdQmHhhrz5YRzncbST\/+yT+eno9CC+VrV57objw7X\/SrCJu\/BerO1FzWUkmLuqSNvnfuWGFmopHdwfOY84vg0qB9m+JxMcHe3JxGc5t06QmWwfn09phXcGI5NAcK\/btASrGvy8IpSsAvqM9\/9UfMuXqsKUIjb
77lqUcje3tSNNbWSZISltxD7ruU4YF8hb9Yt+vuLwaDRQQ4e7A+3CwRNGn4UXvE6+KFf\/NcHY1PyUkUBxVLg20R7WsBr8g6rE7PO+Kei8XAxBW\/YUwEPaw5lBxgrppGH+lMXLhNVOllXzji+Z6vK6hsy3mBGxXB3XA4pJFyyu3s\/jjl3tfE2xMp5VWOyeqECqPGil5RN+bBEV5mjoXObZTRrZWSDClKh71TpKVlzsQ6WG6OPmeXbXYu8STlKtzrFTTU97zYa+UVTXXGuoNoRILHttFFQuA88IJn3aHlRUuva8bpaaf49mg\/pcfHs1cS6eQpYuDfSM11V0iYSx\/8J+7gaf2eLfitKqY0uCur+v3Q98noUFVzpZ17vnl+eBYzbIBj9CAuLeI9ilkbjN2W4axFNIVbypMrTV+W4XeWy74QfKbfVfCT4a6uHCjjp8hStUbSdfeOpfF\/uiFI84ec0Lftonn80FSgzvOOHCA1x35rp+b3CZd7+oPkgkPPxCSpMgBW2\/KJIR305i6hCMUURb7dJyRBqKBUUSG7yT1a1fwYZLQL80RIud6Mv8xjp+v\/4+o\/ONJTv3zBlmqx8SK66adRQtwZM99p5WBLwOsel68J6NmAEP+J1WKzpmZGycpaCvnUTAck\/jb+H5EgNpZFNgVaLNdbIPdDbOG1GdKyhsxyKKu3zcaNOqkcCNQrkPcARlDwFI2ETeB8aNim7pYnvFBIqQlFKNUvTB3RVCljRTwmhmiAfQr7QaRy4m74V+0BH1yTzwEVs\/B3+ReNLhBCIhBkVuDZ3h6hKHuc4RJ+pdzkFHYGG\/sUcHHGYSaXewsKtOKCSImqlkrjCYkMM0mRTUYqMwE4FZvxRR7Uw55Rf6J\/LncYrxeVIzO5qqcWdOCvcY\/6lm9f4jfTcqx4uvW\/mbQa\/thy1EZlJzgCptXr3VMlLGPEhyncvOuHbKKuXh\/1638vWC4LD3vqLLbaqQR9aoqr2BxhZqsOCU6gEF5Wdb5K8v42QXu6pttbAhAlmLv\/S4aTCnvcPXNsXpU8dhmUkG1oXmXN+msw0mWxcBUseZIah0EwQnaeNuPtc2KI9L9Nb9o4wgxomHRbgDLmqdw6wHVtAfsbwarEfN\/l6Ziq4eSzOtTp81C0wsrJqH6Th4RljhYKfwHbOtC0y5nuH8WZQ2moUdoTIYJJm62\/zSeC3f3w2kqXdhwUbG+qjZbmQMNfzYgv5eXnSXpck4Hrlz2yZuj9VIG+WV8wirBwSp\/mb+7nb4su6das4eYvNOUaSf"} 
+04379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1654385146500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_msec":1654385146500,"pkt":"nLbQ0+MztKXvZygQCABFAAt0gVJAADYGXhcOiIhswKgCfgBQwORvtMvRImpQ7oAQAHplgQAAAQEICpoJIiweulb6+ZKcD+KnwfgPmxIli1SDP0WB+TC+gZ2zUZ1MJYnOEnfgrEfocekJHaOM+Eztu22jDjbrklrlhsLXwktGW5jFzoZr3Ytu7HRoxyemV6NLVS1v4GRaLHUchrowoMimCyOxZHfNMnA0GNdZ10WtBsw4gEq8H4X8y8f3\/RYH5Mn6eEzqjI8sPaA+ORFtFcdQ+TmjpdZPUsTpyl+nLhU\/9GpHgFqC51W1e7CLdEBDq\/FQ2WwcSw4ZRTbi\/WGpayOUjE4QZtyN0YXULC8rCWHS4N1MsqhVl2K8H4X8y8f3wgnA\/Jk\/Twlux8TrGuEW5nLXTDPqGMQAlYiMJpFjD2haZrB7TzXXPMjVOcqB6d6igpIOmaJ7Y0Mrz2\/yEfvD5pWGi27w9bKORzLvk9ue8s4aiSRSmdLv8x2K8H4X8y8R8w82CiFh+T6YwGSptZ8TjC0FXdnJzdcE9uEyZwnCOep1wtTzpxjxgEqVLJABXHJLpS3bD6ip0PC8K7M\/yCNVfrglIVQ4OuF2gykfOcPmMbjrz6bh1RnUy5\/MdivB+F\/MvEfOMae6F\/kz9fTSf9smb1on3k+Iw7BNmS0w7MRktM8Ff0Xj9teNF8yzhLN9Jw6SBbhxxSs+M6O4bTT17SVdMQjaF+od5bknXbynCwEsZiOD2GyrhdKmNjvU4f8AG3\/MdivB+KdZllzOEugJUa2YWL\/J9aj6bQ3CMt2YfYZsFk7yyBnI7ZuzfktnJM8b72B45z44I7RsxuiJlZCW6LUdmRB1qCOgwTgI1k8kxEblTVuyjGQPDs14YOevoKw+ODo3i1ks4XE2bddW9CQgJt\/y3Yrwfjg64GjfvwiDex7cLF\/kwZyfP0quvVEcRYOMIYp5ETODXaWekEYIkDknM53nDjYsO5h8fopHtsi3VbhwS0xs7wlfY7RrfW4ggHRM4TVKy\/xlLF9ZudYs668Jlec31c3Uc4T6djHl6evUbLRtfynYrLT6x1eC2dIZO6R+eFivyZGSOkc21mpHBAjzTIn\/AMSAFqMsjPuzkhyEJLBGBy8WixGRGPj9CZ0fSPWNduT2zXAXBq4nWNVvTCfY2zMzKo93KeUCRF6QE5wqyJvtTuTQGRGx\/JdivB+EzowvA\/kwsD5ctdc9OWzlwbY\/hrOD0Tni7E1kzleJbw9c6TkztjQ2kFPTJ85GkJslvP6P0PmszQmBvhmsCpmV\/h5i\/wAKrtF9NiRwGbcho55wUuZm1QZNpkDtIp4QJBZux9ivGin\/AJ3YrwfhExDC8D+TCwO8xwl0xEbplWQ+OiXecqXG0mM\/yC0Q1JW27xCupVnhwyNdqtGTB6hU1mIgYa3XkU6RaOBRM7p+gp7ZXnVVY96yCCx1XTFmQz6loZ6wCyJiCZwo+r6JMZNRGntVDWuYW4s1nNM4YzptecOUlfSFv5XYrwfiqxYSXgfnnDK29jq6xf15wB2wMYa4OCHbMRrmnJUYKd0pn3uDcKWa8mN5mWssYXS+kp75S0NFRuwh
KCjGq0wy2w+2tc6xMcQnczdpgsyJ1yC7ORsHTkidr6jFgpD+vB\/kdivG2SwV7JLwHzQgnsSsQF+zT0zOQjjEMVjw1haSkSCIifKvKC3mj5Y0dhyZTzYXaZ7OnSY+nXWc6hLZVtLsn02hItxp6DxJvpBmdcW05ScHryidMCdwrPYVhHQPlWZqvh\/wL5OxXhXaTPVs5T4eTzWpdZai96\/dJXUiQ+eG1NuMULl2+GOXFVBmq1wm1t\/e7SKgbUIjtjB3B5nYWMiVDAyzGQARrrMR25zOkcj8wWkqvOVKuOPHP92npNYb2SGVWylvqJyWCWEusWTUQWLpMWbUEJpj1Nflwp2yKgEK58uzhHT6ziEWLnUyjSKtpinmyDXPhX5PSLmemNZ4TvLZtjYws1JcAW4uOUNJUomsWOsxoMaFkbJg5iIk8I9Qh4CFtmqo7zGeZ07Yc9uR8tMiJ+iY7hvIdWRnXLIsDkMHOvOm4d1lQ6yBacLn\/orawufLsV4Pwr5HPbhlxHpzGGCPYCVM5Dw0dMy7hb4EQKWREd\/lAFhbTj\/UlXsoXgqgc4iw4YZo6D7\/AH9QZYAKLGGAZan3j45a8jnvynzGRGn1V3dPItxhFUZnpBLJE0yLhzcOf\/QMCqI2VfjnHYvwfhXkvC\/moyXHqNcWyJH25Z4YBlXpwghd3It+SbIacSD9e5DuGB1I\/DDh1lrQkmTqSUkyJMYzTc0y6jfonJ7ly\/Y\/VPhfyyMGJmatA2IvCpBymdETpKz96fyI\/FjcV4OOyvkfhfyEdy5jIORz1i8EoITTMYZ++bEgYTuztmvYygA7dR4nKdPs\/wDw0zq\/aH2p3aQOLIQwz3nymfojI7R9AnHTPwgdx6HpPmI1WJQYXYkr1QJ6s93qGc3elCtP\/NjcX4Key\/kfiJ2zWsxhaGBeJ8o1WRRM5K9W+m7jArmsyWkPuY37mAexVQ5kXU0Ol\/C2LyFCUzUZEJPolcISMZ2\/RM6RPx5TkZHn6TnvSASnpryIVGEDnZWtFSC8xDZDqFgVsUvbDHCziMaQj9Nxfg\/CvJ+P1lewWpC+M\/6sCZkNcauJgI3w0ZNgAKljG0gDaLZnelnTaUaZvIcuELkDXrEtlHTJncf0T3k\/lzjyHnlrymdCnzSWEJ3AMzYkcVaIbDRK45dYBywMMGsuRy5a9HTpTo1ha148OjF+D8K8lm2cIcjAcwV+pXyCd2XLPUJYmwhjbBnuKA05Wo0dldu4Sx0blik+naLpoHxzmdIpJ61iOCVdZ4HTyeBVMZwOsIWKAKWPj6DwI1OnG2rOwsuJEcMIlkyzWETOFTgxYxYBbtHcsVZ++f8AFjw7F+D8K8zyPyCuqyFFt9OvAg2TduQkFnrFRwADHEUV5jbjLYDJbmFI8hZ1YLvFVu5HHJ2iPjmU6zSWYwsrW2WWBiD\/AOcmnOWY0r\/r6D8VQ3sSDZj08TLkwL+ipeK+PjCfGziF0rbMrfyi\/h\/puL8Hge2dYnJnTBEjKtW6C9YmNcmRAGx1Y4ZIQ+Ggc9HrT7Vi5kwvhzpZYCcnTQp751N8rOVzxV\/WfHjkU4sd7K49tceW9lgtFriIXfLRX0lnDo7qn2MdshEdzZ1D64xjC2q4wwt3IZ2n4p\/pneRHtsyhUh728KWWTws4KukVDqGu\/dGxWWHQfL08wKvuCRAldq02w2xcfI8OLS1BZJ8ojWW+zHDGOLc2PGT2jKi9Wp7Ruxc7n2D1jdnEJ1bz1KM38qJQK\/Ue0AyXaxr2V5ayN9p02bX65ILqcI\/UD35cOTKU5BwZ69QfZt6mdSJwrBzgsMyozo9GisNg6WrPunvNSdLUc4nbDmdosbUeZzxhFukYyqW3BONN2JL3sLVu7Lk\/d+jTNBjE7SlOgw2S0ie8BM5vFS5sEXKPHLgvv4XaSVZ27AGTJFFiyFUbGq3Z04CqqN4luHFjERq\/HDsxXmr\/ACFj1JSXVziFY6tzF
TtbHMtcIZx\/bI8zGmFODGuTi+2AzbkPjIPaxs+6Hxlufd9Jea8iA6smBV3iBGN+6bVnrEU8gnJzTP8AHi1pcQr9cDHTKc6Wx75u7mP2gPtBGhktMo27Z3nlqPuBMRnDq0mdpm4xP71yuq+PEKK44Vg+IjWYXkhGPyz2xLNkkWRGvIO5QO6NkjkRnfNxRkmUYepQE9uU+I8TGuI7ZGDIjBM1yy37X0jn+P8AaG5Zfpa4XT3ZOT853LwyA57ZBhnnNCy3\/KR+WrlL89j4Zp\/y4v8AGvIwsPLXkfOD4LwHwH48ixnn+5+I+fIsHxi8H4fu15sfn\/Q5+585HngHyblr+Wv8c5\/acmI3bRzwx\/YYmdP\/xAAqEQACAgEE"} +02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1654385146710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146710,"pkt":"nLbQ0+MztKXvZygQCABFAAXUgVlAADYGY7AOiIhswKgCfgBQwORvtNcRImpQ7oAQAHoCWgAAAQEICpoJIwAeulfZAgICAQUBAQAAAAAAAQIREAMSITEgQRMiBDJRIzBCYXFigf\/aAAgBAwEBPwHwT4w8bm3USMYxX27PjlLlkYJD1Ir2KafTHpqx2v26HH3EU7EPHsmL+zZdjdCUtT\/h\/wCYGlBdk9ZRG5T\/AGdDWmlwPa+iMpR7N6l0ONfqTpkZl4smLFZlwJ4RYo0N2fI62kNaCW0nq+oEYe2LTjRLbfBpxi0ShGOLeEqLojK8TEIcrzqO3Ylm6Q5WXh4it\/Bzp8mhX\/0nJRnwSL\/jx6LJiwvBZk8vKtPgk3XJPreicVGA2JWdFi5KxEmIXeGX5NCid8FFcDQp0uUKM5Kie6L+w\/5EuCUaFGzZQuTo2ut6JOxZZXik3yNC4VjUeyjckLklSIytWa7W2vYkmuySo9YuyL5H2afdeiqIrF5Xgl\/TY2N4TEvtRONS2lx0o17Kjsv2OLi7JKL5RJJxtF5SpFlXEu+xf2dSdQoVpk408I0dNzdnxJ6m01dNQR+5OcktjPjTIxsktuIw9smx\/wAkJR28k6vgXkot9ZVOZqcITTJaf8FGjqqCpm9p77F95W2JqH1kS1N8ro+0SLUGSlZGKXI3Q3YkuhRvhdmpGmIWJK8qbXWfx+Z0a8eLGqE+CUZVbO4kokG0+DfIUmjfLKkX6KwnTs1J7neL8oxbIxSVGjppcjjaJx2umM+W4bTTltZrxqmiiiisR021Z1i\/DabfGOjYoqIuRKsfkwtWIsuiWpujtEhtIaKKN\/1rzssrPRZKddn4rc3eWrRqR2yaFiKoRLUjdCeGhupULKyi8PvD1odHy30PcnyaGvt\/4KSasnrbejT1dySNWMlLk6xFNsrkdCdEluO0NclYRtLihixY2Wh8TGjsiq4NLX+N89EoqfJopxZrxuGLNL9icK5HhD46yxriy8PwfeNRdPwmaWq48Gm7ZPofYjS\/ZH5MtsaFTjQtMdLosReKoQ1fg8Ujbu4I\/iR9s\/J0VCKccT7I9o3VTJMl2McmhycuxG\/Ho3F4trsv+CzvwWdOfHJrx3QeJ94+T60zQ1r+jNT9i\/Kv5wmJknYv9DZ6OUX4ItpkJzlKia2yaJYYnTsb9mnpSkT09vh0PoeIsbTRvOH7JZXglFnEI
2Tm27Y3Ymd8iVmlpQ9iiakOGihtCd8Ej14XheC8FI1NVylRZSNpVY0Hx\/zE198r9jVRNkY8DWGsIZWI5eGuSvBmh7QpfU1JrsfIhGq7Q+RSGhrCXhVi\/t6LakamrtG5SEuBCJdeHY8VwesLEJblfihFihJkdJezo1OZFliOmSXAvBlG2O2\/FKvFo\/0RnXSPkmW\/bHqpdF+8oqz0dYjKuzchsZtf7ZoXlFWa0Psj5GNtlCVj4wxcFikNZoaw39PBE+jaxyFO1WNPs1K8ExliOxPCbXI5buiKHed7khl0hdY9nAo2bafB8basTou8cnwzZKO10N4WGy0WaenvQ9GSKaHxhP61iSuNEVUaFbXJRSE+ax2Vj4qSbNLRdHxcck5W2xiy2Xj8OdTocV\/A9GLNT8Z+iUUl1ybvullFexssQo2KVMkLs+NY\/I1NumxK3QxZeIqzQ\/dFn5WrKKVGnxBH5CjdlXK8rovLEx9FkjT1px6I\/k8Wz8rWUo8Dd4jl5\/GX9RFmq0+JLgjq7VtRrS5P8h5cjdZbGUV7OyhH+JrO8IhC1ZsPj+o8RNOPs03T7Jz3G+sN\/dDxaaxGBTLsXAvsS44Gzo0tRPgm7wl6NpRN1F4oSIcxxLhFtyw\/2RJ0OTZFcclIRSJOiLuPJdZkuCH16GhcGirdlY1l9co0lwdGoyixolyQXsTxeGf6EiRBWa6pcEHyW3wM0VwRijUjRNWhixodGoy7wj\/Ej+7Xl\/\/EACoRAAICAQQBBAICAwEBAAAAAAABAhEDEBIhMSIEEzJBUWEgQhQzQwWB"} +01027{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385146276,"flow_last_seen":1654385146710,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":1611,"midstream":1,"thread_ts_msec":1654385146710,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01030{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2000,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1654385146276,"flow_last_seen":1654385147585,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":98936,"flow_avg_l4_payload_len":3091,"midstream":1,"thread_ts_msec":1654385147585,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156800,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1654385156800,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_msec":1654385156800,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\/R0VUIC90YWcvanMvZ3B0LmpzIEhUVFAvMS4xDQpIb3N0OiB3d3cuZ29vZ2xldGFnc2VydmljZXMuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156800,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1654385156800,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.GoogleServices","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.googletagservices.com","url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36"}} +02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_last_seen":1654385156832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385156832,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaAAAHsGmjis2RJiwKgCfgBQrVDIz1wEXVm79oAQAQWtEwAAAQEICjsKomxlPCxhSFRUUC8xLjEgMjAwIE9LDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9qYXZhc2NyaXB0DQpDcm9zcy1PcmlnaW4tUmVzb3VyY2UtUG9saWN5OiBjcm9zcy1vcmlnaW4NCkNyb3NzLU9yaWdpbi1PcGVuZXItUG9saWN5LVJlcG9ydC1Pbmx5OiBzYW1lLW9yaWdpbjsgcmVwb3J0LXRvPSJhZHMtZ3B0LXNjcyINClJlcG9ydC1UbzogeyJncm91cCI6ImFkcy1ncHQtc2NzIiwibWF4X2FnZSI6MjU5MjAwMCwiZW5kcG9pbnRzIjpbeyJ1cmwiOiJodHRwczovL2NzcC53aXRoZ29vZ2xlLmNvbS9jc3AvcmVwb3J0LXRvL2Fkcy1ncHQtc2NzIn1dfQ0KVGltaW5nLUFsbG93LU9yaWdpbjogKg0KQ29udGVudC1MZW5ndGg6IDI4MTIxDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjU2IEdNVA0KRXhwaXJlczogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NiBHTVQNCkNhY2hlLUNvbnRyb2w6IHByaXZhdGUsIG1heC1hZ2U9OTAwLCBzdGFsZS13aGlsZS1yZXZhbGlkYXRlPTM2MDANCkVUYWc6ICIxMjM1IC8gOTExIG9mIDEwMDAgLyBsYXN0LW1vZGlmaWVkOiAxNjU0MjkzODg0Ig0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KU2VydmVyOiBzZmZlDQpYLVhTUy1Qcm90ZWN0aW9uOiAwDQoNCh+LCAAAAAAAAADtvWdb3EzSKPz9+RWg9cNK94hhNDlYnpdogwk2YGODWV+tLCZ6AsEw\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK
2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} +02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_last_seen":1654385156832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385156832,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZeL68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1
eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156962,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"flow_min_l4_payload_len":1112,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":1112,"midstream":1,"thread_ts_msec":1654385156962,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1654385156962,"pkt":"tKXvZygQnLbQ0+MzCABFAASM3BpAAEAG6JjAqAJ+oXUNHcPcAFCL3GIckxS0LIAYAfZ2NwAAAQEICrrGVYyXEVb4R0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vbGVmdC5wbmcgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLGltYWdlLyosKi8qO3E9MC44DQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KQ29va2llOiBfX3FjX3dJZD00NzI7IHBndl9wdmlkPTE1NzkxOTkyODA7IGFjY2Vzc190b2tlbj1udWxsOyBfX2dhZHM9SUQ9ZmMwZjIyZjc4ZDgyZmI0NC0yMmM0OWUxN2E4Y2QwMGMxOlQ9MTY1NDM4NTE0MzpSVD0xNjU0Mzg1MTQzOlM9QUxOSV9NWXFDLU9SNDBUYVFMUEl1N3Zoa1otLVUxdG0tUTsgX2dhPUdBMS4yLjY5NDUyNDUyOC4xNjU0Mzg1MTQyOyBfZ2lkPUdBMS4yLjIwNDk4NjE2MjcuMTY1NDM4NTE0MzsgX2dhdD0xOyBfZ2F0X2d0YWdfVUFfMTU0NzU3OTI5XzU3PTE7IF90dF9lbmFibGVfY29va2llPTE7IF90dHA9ZTg0NjM5YjctOTQwMC00MDZjLTk3ZTEtMDNmOGRhNDgxNWY4OyBpc19zYXZlX2Nvb2tpZT11c0lNdkhreFA0SkRYaGM7IF9jcmVhdGVfZGF0ZT0yMDIyLzYvNDsgbm9uX25hdGl2ZV9kb21haW49aHR0cHM6Ly9ha2VtYW5nYS5vci1mcm5kLmNvbTsgX3ZlcnNpb249djIwMjAwNTA1OyBfZ2VuZXJhbF9zdWJzY3JpYmU9MjsgY2xvdWRvd2xzX3V1aWQ9MzViZjM2ZGYtMGJhZS1lMDkyLWYyYjEtYjczOWY1NmMzZWNkOyBjbG91ZG93bHNfaXNfc3Vic2NyaWJlPTE7IHN1YnNjcmliZV9nZW5lcmFsX3Rva2VuPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgbGFzdF91cmw9bnVsbA0KDQo="} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156962,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"flow_min_l4_payload_len":1112,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":1112,"midstream":1,"thread_ts_msec":1654385156962,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/left.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156971,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"flow_min_l4_payload_len":1114,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":1114,"midstream":1,"thread_ts_msec":1654385156971,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01961{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1654385156971,"pkt":"tKXvZygQnLbQ0+MzCABFAASO+8pAAEAGyObAqAJ+oXUNHcPkAFB6Mp7uO+mvZYAYAfZ2OQAAAQEICrrGVZWXEVb4R0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vbGlrZV8xLnBuZyBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQpDb29raWU6IF9fcWNfd0lkPTQ3MjsgcGd2X3B2aWQ9MTU3OTE5OTI4MDsgYWNjZXNzX3Rva2VuPW51bGw7IF9fZ2Fkcz1JRD1mYzBmMjJmNzhkODJmYjQ0LTIyYzQ5ZTE3YThjZDAwYzE6VD0xNjU0Mzg1MTQzOlJUPTE2NTQzODUxNDM6Uz1BTE5JX01ZcUMtT1I0MFRhUUxQSXU3dmhrWi0tVTF0bS1ROyBfZ2E9R0ExLjIuNjk0NTI0NTI4LjE2NTQzODUxNDI7IF9naWQ9R0ExLjIuMjA0OTg2MTYyNy4xNjU0Mzg1MTQzOyBfZ2F0PTE7IF9nYXRfZ3RhZ19VQV8xNTQ3NTc5MjlfNTc9MTsgX3R0X2VuYWJsZV9jb29raWU9MTsgX3R0cD1lODQ2MzliNy05NDAwLTQwNmMtOTdlMS0wM2Y4ZGE0ODE1Zjg7IGlzX3NhdmVfY29va2llPXVzSU12SGt4UDRKRFhoYzsgX2NyZWF0ZV9kYXRlPTIwMjIvNi80OyBub25fbmF0aXZlX2RvbWFpbj1odHRwczovL2FrZW1hbmdhLm9yLWZybmQuY29tOyBfdmVyc2lvbj12MjAyMDA1MDU7IF9nZW5lcmFsX3N1YnNjcmliZT0yOyBjbG91ZG93bHNfdXVpZD0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGNsb3Vkb3dsc19pc19zdWJzY3JpYmU9MTsgc3Vic2NyaWJlX2dlbmVyYWxfdG9rZW49MzViZjM2ZGYtMGJhZS1lMDkyLWYyYjEtYjczOWY1NmMzZWNkOyBsYXN0X3VybD1udWxsDQoNCg=="} 
+00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156971,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"flow_min_l4_payload_len":1114,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":1114,"midstream":1,"thread_ts_msec":1654385156971,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/like_1.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156978,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"flow_min_l4_payload_len":1118,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1118,"flow_avg_l4_payload_len":1118,"midstream":1,"thread_ts_msec":1654385156978,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1184,"pkt_l4_len":1150,"thread_ts_msec":1654385156978,"pkt":"tKXvZygQnLbQ0+MzCABFAASS0r1AAEAG8e\/AqAJ+oXUNHcP0AFAuouTn4gYGxIAYAfZ2PQAAAQEICrrGVZyXEVcFR0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vbW9yZV93aGl0ZS5wbmcgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLGltYWdlLyosKi8qO3E9MC44DQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KQ29va2llOiBfX3FjX3dJZD00NzI7IHBndl9wdmlkPTE1NzkxOTkyODA7IGFjY2Vzc190b2tlbj1udWxsOyBfX2dhZHM9SUQ9ZmMwZjIyZjc4ZDgyZmI0NC0yMmM0OWUxN2E4Y2QwMGMxOlQ9MTY1NDM4NTE0MzpSVD0xNjU0Mzg1MTQzOlM9QUxOSV9NWXFDLU9SNDBUYVFMUEl1N3Zoa1otLVUxdG0tUTsgX2dhPUdBMS4yLjY5NDUyNDUyOC4xNjU0Mzg1MTQyOyBfZ2lkPUdBMS4yLjIwNDk4NjE2MjcuMTY1NDM4NTE0MzsgX2dhdD0xOyBfZ2F0X2d0YWdfVUFfMTU0NzU3OTI5XzU3PTE7IF90dF9lbmFibGVfY29va2llPTE7IF90dHA9ZTg0NjM5YjctOTQwMC00MDZjLTk3ZTEtMDNmOGRhNDgxNWY4OyBpc19zYXZlX2Nvb2tpZT11c0lNdkhreFA0SkRYaGM7IF9jcmVhdGVfZGF0ZT0yMDIyLzYvNDsgbm9uX25hdGl2ZV9kb21haW49aHR0cHM6Ly9ha2VtYW5nYS5vci1mcm5kLmNvbTsgX3ZlcnNpb249djIwMjAwNTA1OyBfZ2VuZXJhbF9zdWJzY3JpYmU9MjsgY2xvdWRvd2xzX3V1aWQ9MzViZjM2ZGYtMGJhZS1lMDkyLWYyYjEtYjczOWY1NmMzZWNkOyBjbG91ZG93bHNfaXNfc3Vic2NyaWJlPTE7IHN1YnNjcmliZV9nZW5lcmFsX3Rva2VuPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgbGFzdF91cmw9bnVsbA0KDQo="} 
+00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156978,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"flow_min_l4_payload_len":1118,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1118,"flow_avg_l4_payload_len":1118,"midstream":1,"thread_ts_msec":1654385156978,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/more_white.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156997,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"flow_min_l4_payload_len":1113,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1113,"flow_avg_l4_payload_len":1113,"midstream":1,"thread_ts_msec":1654385156997,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1179,"pkt_l4_len":1145,"thread_ts_msec":1654385156997,"pkt":"tKXvZygQnLbQ0+MzCABFAASNFH5AAEAGsDTAqAJ+oXUNHcP2AFChqIPWvwX7zYAYAfZ2OAAAAQEICrrGVa6XEVcPR0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vcmlnaHQucG5nIEhUVFAvMS4xDQpIb3N0OiBtYW5nYXdlYi4xa3h1bi5tb2JpDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6IGltYWdlL3dlYnAsaW1hZ2UvYXBuZyxpbWFnZS8qLCovKjtxPTAuOA0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCkNvb2tpZTogX19xY193SWQ9NDcyOyBwZ3ZfcHZpZD0xNTc5MTk5MjgwOyBhY2Nlc3NfdG9rZW49bnVsbDsgX19nYWRzPUlEPWZjMGYyMmY3OGQ4MmZiNDQtMjJjNDllMTdhOGNkMDBjMTpUPTE2NTQzODUxNDM6UlQ9MTY1NDM4NTE0MzpTPUFMTklfTVlxQy1PUjQwVGFRTFBJdTd2aGtaLS1VMXRtLVE7IF9nYT1HQTEuMi42OTQ1MjQ1MjguMTY1NDM4NTE0MjsgX2dpZD1HQTEuMi4yMDQ5ODYxNjI3LjE2NTQzODUxNDM7IF9nYXQ9MTsgX2dhdF9ndGFnX1VBXzE1NDc1NzkyOV81Nz0xOyBfdHRfZW5hYmxlX2Nvb2tpZT0xOyBfdHRwPWU4NDYzOWI3LTk0MDAtNDA2Yy05N2UxLTAzZjhkYTQ4MTVmODsgaXNfc2F2ZV9jb29raWU9dXNJTXZIa3hQNEpEWGhjOyBfY3JlYXRlX2RhdGU9MjAyMi82LzQ7IG5vbl9uYXRpdmVfZG9tYWluPWh0dHBzOi8vYWtlbWFuZ2Eub3ItZnJuZC5jb207IF92ZXJzaW9uPXYyMDIwMDUwNTsgX2dlbmVyYWxfc3Vic2NyaWJlPTI7IGNsb3Vkb3dsc191dWlkPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgY2xvdWRvd2xzX2lzX3N1YnNjcmliZT0xOyBzdWJzY3JpYmVfZ2VuZXJhbF90b2tlbj0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGxhc3RfdXJsPW51bGwNCg0K"} 
+00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156997,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"flow_min_l4_payload_len":1113,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1113,"flow_avg_l4_payload_len":1113,"midstream":1,"thread_ts_msec":1654385156997,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/right.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385157001,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"flow_min_l4_payload_len":1119,"flow_max_l4_payload_len":1119,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":1119,"midstream":1,"thread_ts_msec":1654385157001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1185,"pkt_l4_len":1151,"thread_ts_msec":1654385157001,"pkt":"tKXvZygQnLbQ0+MzCABFAASTjHtAAEAGODHAqAJ+oXUNHcQAAFCrgt7ji0XD5YAYAfZ2PgAAAQEICrrGVbOXEVcWR0VUIC9pbWFnZXMvbGlzdF9kZWZhdWx0LnBuZyBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpL2Nzcy9hcHAuY3NzPzE0OTA1DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCkNvb2tpZTogX19xY193SWQ9NDcyOyBwZ3ZfcHZpZD0xNTc5MTk5MjgwOyBhY2Nlc3NfdG9rZW49bnVsbDsgX19nYWRzPUlEPWZjMGYyMmY3OGQ4MmZiNDQtMjJjNDllMTdhOGNkMDBjMTpUPTE2NTQzODUxNDM6UlQ9MTY1NDM4NTE0MzpTPUFMTklfTVlxQy1PUjQwVGFRTFBJdTd2aGtaLS1VMXRtLVE7IF9nYT1HQTEuMi42OTQ1MjQ1MjguMTY1NDM4NTE0MjsgX2dpZD1HQTEuMi4yMDQ5ODYxNjI3LjE2NTQzODUxNDM7IF9nYXQ9MTsgX2dhdF9ndGFnX1VBXzE1NDc1NzkyOV81Nz0xOyBfdHRfZW5hYmxlX2Nvb2tpZT0xOyBfdHRwPWU4NDYzOWI3LTk0MDAtNDA2Yy05N2UxLTAzZjhkYTQ4MTVmODsgaXNfc2F2ZV9jb29raWU9dXNJTXZIa3hQNEpEWGhjOyBfY3JlYXRlX2RhdGU9MjAyMi82LzQ7IG5vbl9uYXRpdmVfZG9tYWluPWh0dHBzOi8vYWtlbWFuZ2Eub3ItZnJuZC5jb207IF92ZXJzaW9uPXYyMDIwMDUwNTsgX2dlbmVyYWxfc3Vic2NyaWJlPTI7IGNsb3Vkb3dsc191dWlkPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgY2xvdWRvd2xzX2lzX3N1YnNjcmliZT0xOyBzdWJzY3JpYmVfZ2VuZXJhbF90b2tlbj0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGxhc3RfdXJsPW51bGwNCg0K"} 
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385157001,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"flow_min_l4_payload_len":1119,"flow_max_l4_payload_len":1119,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":1119,"midstream":1,"thread_ts_msec":1654385157001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/list_default.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2061,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_last_seen":1654385157145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":748,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":748,"pkt_l4_len":714,"thread_ts_msec":1654385157145,"pkt":"nLbQ0+MztKXvZygQCABFAALe44NAADQG7t2hdQ0dwKgCfgBQw9yTFLQsi9xmdIAYAPSXNAAAAQEICpcRV7G6xlWMSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NyBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMzY2DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogIjVmODk0NzhlLTE2ZSINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjU6NTcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNColQTkcNChoKAAAADUlIRFIAAABaAAAAWggDAAAAD3axMAAAAFFQTFRFAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/CDfnXgAAABp0Uk5TAOEQHt3X0s4WI+fFBvPkMNPJq0tAC7VRUC7\/IHCDAAAAsklEQVRYw+3W6wqDMAwF4Fi13nX3y3n\/Bx1dmT\/mYBZSsHK+BziEkiYRIiIiIiLaC3M6Sxx9B1wkBlMBGO6iz3Rwil60XSs441O01T65aESbOcJpIySXvuZctOUHOKV+cm3hZBGSCziVEW2Nf2cboeYSb63N\/rASZhqxmoS5YbVhO1WHvPWGOuS7r1P5jYsZksjkW87rNLbMvBvbSbw0NvrnDnnILInryd98REREREQ\/vAAzzxwTVWsbZwAAAABJRU5ErkJggg=="} +01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2063,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_last_seen":1654385157153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":832,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":832,"pkt_l4_len":798,"thread_ts_msec":1654385157153,"pkt":"nLbQ0+MztKXvZygQCABFAAMy+MlAADQG2UOhdQ0dwKgCfgBQw+Q76a9lejKjSIAYAPQgmwAAAQEICpcRV7e6xlWVSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NyBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogNDUwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogIjVmODk0NzhlLTFjMiINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjU6NTcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNColQTkcNChoKAAAADUlIRFIAAABaAAAAWggDAAAAD3axMAAAAG9QTFRFAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/L9MC0QAAACR0Uk5TAJSpvW0XB\/bWdRD8t6aZi3E3AvPs3s20r6B8d2dTI0U7LisEPmah4wAAAN5JREFUWMPt1MkOglAMheGi3AsOgDhP4NT3f0YhYiQGMcg9iYvzr7rpt2lSYYwxxhhj7C172I4F0nykCrFLuSiei\/sOWhYa9\/JIKxol69S5PNMqDyYHR8eyr89WKUrWtQXIiCv6kxqduJSPdXl5diinC60VDAevon2\/h5JoS+u8szd85BdjrG3tOtO1Ra+VDn6lva+0ksbT+DNucHQGo0MDo\
/0bil7kgqITi6InqaDo6RhGZ4KiVwZGzwRFL68w2rN96f0n+iR9aRM2y5HtRUflfNk0ybERxhhjjLG\/7A7dOIR9fLd0dQAAAABJRU5ErkJggg=="} +01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2064,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1654385157162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_msec":1654385157162,"pkt":"nLbQ0+MztKXvZygQCABFAAIwUYBAADQGgY+hdQ0dwKgCfgBQw\/TiBgbELqLpRYAYAPSjggAAAQEICpcRV8K6xlWcSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NyBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMTkzDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogIjVmODk0NzhlLWMxIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTo1NyBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KiVBORw0KGgoAAAANSUhEUgAAAFoAAABaBAMAAADKhlwxAAAAD1BMVEUAAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+PQt5oAAAABHRSTlMA8a0mzjE4JAAAAF1JREFUWMPt0LsNgDAMRVEgC\/DJACAYANgg6O0\/E0qKpLIipYt0T2PryYXtAQAA9OpdzlTdsd45sDivkKYeaSuBYZK0x+aSvhIYRklzbLwUctA+Xd+k\/cr6BwEAwA+l3hHvzEdfEgAAAABJRU5ErkJggg=="} 
+01488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2065,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1654385157178,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_msec":1654385157178,"pkt":"nLbQ0+MztKXvZygQCABFAALcrA1AADQGJlahdQ0dwKgCfgBQw\/a\/BfvNoaiIL4AYAPQ5GAAAAQEICpcRV9K6xlWuSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NyBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMzY0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogIjVmODk0NzhlLTE2YyINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjU6NTcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNColQTkcNChoKAAAADUlIRFIAAABaAAAAWggDAAAAD3axMAAAAFFQTFRFAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/CDfnXgAAABp0Uk5TAOEQHt3X0s4WI+fFBvPkMNPJq0tAC7VRUC7\/IHCDAAAAsElEQVRYw+3WWQ7DIAwEUCckUMjWfZn7H7RC\/DTqR4OE1SDNO8DIssC2EBERERHRv13Orei4AsMoGh4TAKdR99ghGjSyXzMid5PyfJeyD1KeD4hOGj0xqe5eJbtHdDRSnmkQWY1+tw5Rp5FtbOq3l1y2+cEGpOzsurHZvEieCZvd91N1Vq9380Jy3nUtv\/FzhtQy+dbzuo4ts4TVbqxkoz+\/75AKrqd08xERERERKXoDf5McEz6WWVMAAAAASUVORK5CYII="} 
+02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1654385157186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385157186,"pkt":"nLbQ0+MztKXvZygQCABFAAXUlC9AADQGOzyhdQ0dwKgCfgBQxACLRcPlq4LjQoAQAPRppAAAAQEICpcRV9e6xlWzSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NyBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMTYzMw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNiBPY3QgMjAyMCAwNzoxMToxMCBHTVQNCkVUYWc6ICI1Zjg5NDc4ZS02NjEiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjU3IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQqJUE5HDQoaCgAAAA1JSERSAAAAoAAAANIEAwAAAD8L1tQAAAAwUExURdra2tra2sTExMHBwdfX19zc3NPT08nJycbGxtnZ2dHR0cvLy8\/Pz83Nzb6+vt7e3u\/hbHsAAAABdFJOU+juN7IsAAAF30lEQVR42u3Y2WsTQRgAcP0PHNiNpirCTIjxwIcZMcGkhdS0aaMggaSiIhJr4400GzX16ENWvFAhovV+qIm3Pmi8FUUr3gcab1AheVBE\/Q8Ev93NJtlUTAJ5UJh9SKez01++b2a+6SZDhqK6XsM4yEEOcpCDHOQgBznIQQ5ykIMc5CAHOchBDnKQgxzk4H8O+usMmlMKWkdQcCEUOB2qY8oTzMKKpu56gEE10UQsEp54enJFUPQHKy3GigvKuDYsrZ4acFUEZ1x\/UyG+E\/EffiT6VkR8k2NiJFEBNH9i2S7jLdGwlMLdZSexGy3feTEZciXDO0OVwF7Mjhq9viWlv3Y4D65K9iPprWXa7Vgz3e6uAAoSpl0Gr0GyGraftC716TXKzJy4633n0mvg1QiaImyq4Q2evTm\/YWFixDXHvuiIbhFVBGUjGMgwPN4Ado5dH5b65+Quzdr4awqqFRRPMGwEkenRadudaOBRYuTG89bKoIkA6PHr3nSGS8HAmgQSXjbGGr7BiNHb1rdXB7ZiPcYOmQLYWBg1J5sQk+stzVuU0BqmulFVoH1xTt\/\/dyg2gLu++8d0Po\/ELimhCZtQdaCNYPZCTdgLCbNSsM3ivzLdfj21XI2tvUoQU0y+7FFmbCe0bBg7i2Xi9uY8O87GiD4nlcEGiu1pilkUyvUIhQBPaaCQ0Kqw14pMtruRlqrBQxjbR2YxzragUZAtGd8AHQnY3uqEzeg\/3oKE1kfx2MNqwcMU\/v4mSNbZEiRsd2tgJ4N3EL1kymwYMwrbtvTXAu7ZC7F9XQQv7BVSQdjubP3HpzJu9Psu3xa81t2JWkCE0hRiVBKGVVLAQxRwxuCeMOlnD5oHm6A2cLRSICC5VdDh3gug1rP7Chww5kT14EGqLmpGEdgFlAcP5z24t1\/FagYb1IQTOijkPWKFGq4NnK6B4gKK
HSGkgwdpOWhG+tX+d9CrgUiQIGEdbM8Aps\/qsjUh1Pc4tkH7x+B7u2WDWyOEFWvWLUG+u4PARm11JiZ00NbKdJB0o96mHpPEGFMTOCBDa4Iqmk8one3y19Ag0F+aigDgDFoAXf4MuaouGRkPSFpdvE0CDFaPTrIDs34D2EaxSwNREfQWQPx1T4Z8YJgwimkIjYYbSis21m3uVZsEk\/cVwDi2LSqCtCVDrhHiWCdh0oOSMMFrImwsoV2js5huuExrBh0ARnsnpOAUIVOgIvFd1Je2SnTlAko2IfMdZ5xcrQhiX7YAks8DZOsiZd4HcCOcdVZo9S2UaddN5QxBHSmJRMtAMnUQ6IkXwVVJYvFrI+0HKXmhjpHJEhm61WY1oHugCI5L5nf3cGr3Ups7D6YIeZ1v"} +01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1654385157186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":576,"pkt_l4_len":542,"thread_ts_msec":1654385157186,"pkt":"nLbQ0+MztKXvZygQCABFAAIylDBAADQGPt2hdQ0dwKgCfgBQxACLRcmFq4LjQoAYAPR6KwAAAQEICpcRV9e6xlWzbvw7aAawPVMELTo4l9oXUyfSQao9EpmlQWB5vUp\/AXEBPEbzzwdVge4S8GIhZQN4TwfTVYAOj1wA6cyB\/AAvtbeVgFhLWUwTS0XQFsGFyy7qYBt1tlGbWvABmbwipFtrVgTTGLMi2BgcyK9aM3XCtrmtBLhbJq97te4FdDBoKQdLL9f8ZB7spC4TvHsCCYuiaXLrGdS2iGYQ\/AcQlYFjM0VQqTHtATSJp5plTD+E7ze50uTcvixxhpfLtBrQPqoIEssCqj1KvSRWiJIwxiiEda6DYUahSQeDG8tASlFJiN+bNVCUiEV9uICY4EQ4h5I5DJ7jZRnYnGsqizDD7IlprHB925X7rpbEziY4Vo4oXbQ\/DaBJVtrR5p+TjREy1mMEfU\/uoVFxxuxPPj7eEsc9e5lVBY\/jEOySd5jZXgVkAMVDMWxbK3px1AD2nXrkNoKi8tGu9cyTVDDo97SGkRDWBswOa6+nFvoFCUAkCuGFIhI8bgOIgkFdMqigaT9hhN6njYcbGgjten1FYM6DqC4gRN0h1xVsDT+gpLt+IEwgw5Mu1hFsYpjkuuoITmKMbfLXDzQ\/wJtvtKD6gbDTPQjVE0Swtf\/N7744yEEOcpCDHOQgBznIQQ5ykIMc5CAHOchBDnKQgxzkYBH8DdDO1wSycMqNAAAAAElFTkSuQmCC"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1654385176794,"pkt":"tKXvZygQnLbQ0+MzCABFAAED5\/JAAEAGaSDAqAJ+rGl5UpW2AFDAhIjRiFQ344AYAfbp1wAAAQEICvK1uV7Jom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDczMC00OGZkNjU3YWJkNWExZDNlNDVkMDM0MDNkZGNiMDY2My5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} +00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1654385176794,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDhyVAAEAGye3AqAJ+rGl5UpWqAFDm5trb+jit4YAYAfbp1wAAAQEICvK1uV7Jom0dR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDc1MC01ODU2NDUzNTNhN2E0NzYxNTc1NWI3NzE0YzYxMTgzNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} 
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40750-585645353a7a47615755b7714c611835.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176795,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176795,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1654385176795,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDkpJAAEAGvoDAqAJ+rGl5UpWsAFD4\/KHAFVJVKoAYAfbp1wAAAQEICvK1uWDJom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDcwMS04ZmE3ZDkxNmM1NWUzMWY5MGZhNTVmNDUwYjcxNjUwNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} +00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176795,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176795,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40701-8fa7d916c55e31f90fa55f450b716505.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_last_seen":1654385177118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1654385177118,"pkt":"nLbQ0+MztKXvZygQCABFAAF1WjBAADYGAHGsaXlSwKgCfgBQlbaIVDfjwISJoIAYAOs4SwAAAQEICsmibd\/ytbleSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDg3MzAzDQpMYXN0LU1vZGlmaWVkOiBTdW4sIDI5IE1heSAyMDIyIDAzOjI3OjU1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyOTJlODNiLTE1NTA3Ig0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNjoxNiBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} +02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2094,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":3,"flow_last_seen":1654385177118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385177118,"pkt":"nLbQ0+MztKXvZygQCABFAAXUWjFAADYG\/BCsaXlSwKgCfgBQlbaIVDkkwISJoIAQAOsFsgAAAQEICsmibd\/ytble\/9j\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJ
Cgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APgjVdV+IGpeNdTTTtd1OT\/iYShQt3If4z715latCnfmZ4ajObaSOi0zwV+0DrcSLpOm67cMW4EbSsen1ryK+aYKk\/enY7KeExc0rRubK\/Ab9smSMS2nw88XzK33THaTNn8jXGs\/ytys6y+86P7OzBL4GMPwE\/bXkJVfhP44LDsbGcVX9u5Zf+NH7w\/s\/MP+fbIJvgF+24fkf4R+NPqbWerWd5V\/z+X3g8uzD\/n2xY\/2Z\/24rhd0fwk8X\/iJB\/M0\/wC38q\/5+on+zcw\/kf3kkX7K\/wC3VOdsfwk8Xk9vmcfzapef5Sl\/GX4gssx\/8j+9Fgfsj\/t9Bdw+DnjFuP4Nzfyas3n2Uv8A5er8S1luYL7D\/D\/MY\/7Kv7e8QP8AxZTx6cf3LKdv5U\/7cyt\/8vl94\/7OzDrTZm3v7PH7cFqStz8GfiCCOv8AxK7v+grSOcZY9qy+8h4HHL\/l2\/uMq8+C\/wC2LaqWuvhV49QDqW0y7\/wrVZrlvSsvvM3gsb1hL7iinw2\/aqlk8qP4feOGbOCF066OP0qv7UwCX8aP3oSwmLf\/AC7l9zNTT\/gP+2Hf\/wCp+H3i9Af+e6yR\/wDoRFc887yuG9ZfI1jgMa1pTZrWv7Nf7Ygw8nhfX4x3Mt2ygfiWrlnn+WW0maLLsd1gXrb4P\/tRaU+24stVJHUJflz\/AOOk1xTznLpbTf3MpZfjVo4\/idL4f+HH7SdyQh0LWyfe7Kj\/AMeIry6+cZf0q\/mb08vxr3j+KOx0n4QfH3CreaPrKE9N2oqB+r1xf2vQl8E2\/lL\/ACOlYKUfjVvmv8zft\/gv8cXj\/d22ok44X+2IM\/8Ao2iOOnLbm\/8AAZf5DdKnHeUV\/wBvR\/zKOq\/Aj9qa4UjR\/C\/iCcnp5N3E3\/tWuunjacfjbXyl\/kYTo8\/wST\/7ej\/mcN4r\/Z4\/bdTcYfhb44kHP\/HvbNJ\/6Cxr06GZ5fH4qn33OWeDxTeiv81\/med+IPhH+2JprN9t+FfxCjx1zpNx\/SvUpZplb\/5fx\/8AAjllgsd\/I\/uOR1fSf2hdLYrq3h\/x"} 
+00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1654385177120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_msec":1654385177120,"pkt":"nLbQ0+MztKXvZygQCABFAAF2wDBAADYGmm+saXlSwKgCfgBQlar6OK3h5ubbqoAYAOuKlwAAAQEICsmibeLytbleSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDEwMzg1NA0KTGFzdC1Nb2RpZmllZDogU2F0LCAwNCBKdW4gMjAyMiAwMzo1OTo1MiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI2MjlhZDhiOC0xOTVhZSINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjY6MTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNCg=="} +02436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2100,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1654385177120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385177120,"pkt":"nLbQ0+MztKXvZygQCABFAAXUwDFAADYGlhCsaXlSwKgCfgBQlar6OK8j5ubbqoAQAOs8UgAAAQEICsmibeLytble\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQ
EBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APxm8Z+KPFA8aauF8RX5zqlxgfa34HmMPWva0SR823uUD4p8UeWNviO+GOn+mPz+tLqTd3BfFXipSR\/wkl\/06fa3\/wAabsK7uTR+K\/FH3P8AhI73noftb\/41DsldibZctvF3iaPKSeIb\/pwftb\/41zVUnaxzO7LcXirxJIgP\/CSX3TnN2\/H61jsYzukWIvFfiZo+PEN8M4GBdP8A41EtGZ3d9x8vizxTH848SX3A6G7fA\/Wkkrm8dI6CL4u8Sn5h4jvlzgEfanyf1pNPYtPTRmlZeK\/ErbR\/wkl\/nop+1P1HXvXLO97vQjmfNY6Xw\/4p8TPEWOu3j4bORdPn68mvPrNc9jKpJy0O68NeKPEWVjbxDeYQggi4bJPX1rzar3aMndPc7jSfGniSCBJjrV0V6BTOcrng\/XNedUTlawc0rXuXLXxnrZxI2vXPyqRlZW2j8M1nOMkXGavqdV4N8Z6+t5GravdOAAxzOcZPTvxXHXU+VibZ634Q8ZavqN8LY6jcCIJl5ROc9O\/0rxsQpKO4Jytub8PxJu7nWrdI9SuOCY2UznBHY+3SuKanGDuxqUl1Pdfhb4r12LS4rl9SeQXUiR4LdBnkGvn8ZKTd0\/xYnJoufGzxJrcdpLNbajKI44huEa\/Nwfu5\/KuGlzd2\/mEHd6s8ni8fa1bJ9pm1abMnDDfg7v6cVpNVHLe3zZ0atrUhPxD1GS3aa31W4eXac7nwWHehc\/Nq3+Jeq0uaXhH4i67Ff2oTVJZGJ3bSxyPcn29PaionOD95\/eVd9z6h8E\/Fe\/n8GRG3uTvdcbUQbgSOSSeg614FeNVS3f3stylyo5nXviX4pgmaZtUUCMHG3A2+xHauCvKd7OT+9kx5m\/I6Pwj8X4odCtr3xTdxutwTsdSDg\/3fbiuVxqybs397HCN3ZnoPg3x7jT0utNuo\/LaTa+1QBjt1715OL9onrJ\/ezohLl2PqH4J+JTrXhiNjKrlMKxVQOa5cBXqwxNuZ\/efX5LUU6Lj2Nb4k67Ho+hPdTSIc"} 
+00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2103,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_last_seen":1654385177120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_msec":1654385177120,"pkt":"nLbQ0+MztKXvZygQCABFAAF2OPRAADcGIKysaXlSwKgCfgBQlawVUlUq+Pyij4AYAOskNgAAAQEICsmibePytblgSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDExNjQ1NA0KTGFzdC1Nb2RpZmllZDogVHVlLCAyNCBNYXkgMjAyMiAwMzoyODozNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI2MjhjNTBlNS0xYzZlNiINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjY6MTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNCg=="} +02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":3,"flow_last_seen":1654385177120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385177120,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPVAADcGHE2saXlSwKgCfgBQlawVUlZs+Pyij4AQAOvAhQAAAQEICsmibePytblg\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQ
EBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/AM3xD4j8QR63dH+1L3ck7AhpTgjPBPp9a\/VPccFof5r162IeInzSlfmfV935klt4p8UWcKZ1e5k3sD5byHgdiM9Ki0XpY3p4nF04JqUtfN\/5kWoeK\/FN8+06lKMqeFmI9\/XkU1GNtjSWKxMre9L73\/mVZ\/FfiJIVhGrTjBypM5IH5UcsexMq2Itbmd\/8T\/zHjxZrAsGh\/tq4Eh6l5zkH+tCjFO9ivb1fZNObv3u\/8xfDesa7dXksk+szZhQBczHkk9+4470q0o2VkVgJ16lV3nLTzf8AmdDFe+IrjJfVroKgIGJSFJ9Ov6elcz5bbHt0nXvrKX3v\/MxvH2reIn8O3E66xdI1tiSOQzkHk8qPY56VVGSjOyW5GL9q8O5OUtPN\/wCZ523jPxLMm0+ILsqByDM3ynOeK6ZKDd0jx1VxCfxy+9\/5lC48T+JplCrr13ye07c+3Xilyx7HRDE1oy1nL72UbvXPEka7pPEV4WzgkXDf40nCL6HbDG4iX2397\/zMy\/8AFHii1yo8S3hJ4P8ApLcdfek4xS2O+jiK1RfE\/vf+Zz2oeLfFKsVHiC8JP3Nty3Hr0NZ8sb7HqUq1a1uZ\/ezNuPF3ifcT\/wAJBfjjki6b\/GjljfY7KdWra3O\/vZTbxZ4tdhu8R3oPQK10x4\/OhxS6HWqtRbSf3sp3HizxZsGfEN7gc83b\/wCNRKMexvGtUT+J\/eyrc+LfFrMWXxHfZwMf6U3T86nlj2OilWqcvxP72VX8V+LSPKl8RXxXA4+0vyc9eDRyx7HTGtUvpJ\/eyC68YeKVk\/d+JdQjAXDbLx8n8CaOWL6GsKtXl1k382UZPF3jEyYPjLUeucNdMQP1qOWK3R1Rrzt1+9kT+KfF8YP\/ABU92TnJH2t846etLkS6Gyrzl9p\/eyGTxV4uljUQa\/enqWzev19Ov+eKlxT6IpVpqWsn97M6bxP4uZR\/xUWolif+f5+ffrWbp0+qOyFeo38T+8py+KPFyqsv\/CUamoYEjdeP\/Q0nSp9jup4yq7q\/"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385181857,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":409,"flow_tot_l4_payload_len":409,"flow_avg_l4_payload_len":409,"midstream":1,"thread_ts_msec":1654385181857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_msec":1654385181857,"pkt":"tKXvZygQnLbQ0+MzCABFAAHNXapAAEAG0trAqAJ+aHXdCue8AFBxmTfMTd+OWYAYAfYKZgAAAQEIColJBIxVzQaLR0VUIC9zZGsvdnBhZG4tc2RrLWNvcmUtdjEuanMgSFRUUC8xLjENCkhvc3Q6IG0udnBvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385181857,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":409,"flow_tot_l4_payload_len":409,"flow_avg_l4_payload_len":409,"midstream":1,"thread_ts_msec":1654385181857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"m.vpon.com","url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} 
+01786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":1654385181897,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_msec":1654385181897,"pkt":"nLbQ0+MztKXvZygQCABFAAQLdzRAADgGvxJodd0KwKgCfgBQ57xN345ZcZk5ZYAYAfojewAAAQEIClXNBrWJSQSMSFRUUC8xLjEgMjAwIE9LDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LWphdmFzY3JpcHQNCkVUYWc6ICJmMWI1MmIwZWFiNDg4Y2QzMzM3NjIxYWY5ZGNlNjk1YToxNjIxOTI0MDYxLjYzNTEzNCINCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMjUgTWF5IDIwMjEgMDY6MDI6MzkgR01UDQpTZXJ2ZXI6IEFrYW1haU5ldFN0b3JhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA2MTcNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MTI5NjAwDQpFeHBpcmVzOiBNb24sIDA2IEp1biAyMDIyIDExOjI2OjIxIEdNVA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KdmFyIHVhTWF0Y2g9ZnVuY3Rpb24oYSl7cmV0dXJuLTEhPSh3aW5kb3cubmF2aWdhdG9yP3dpbmRvdy5uYXZpZ2F0b3IudXNlckFnZW50OiIiKS5pbmRleE9mKGEpfSxpc1NESz1mdW5jdGlvbigpe3JldHVybiBpc1NES2lPUygpfHxpc1NES0FuZHJvaWQoKX0saXNTREtpT1M9ZnVuY3Rpb24oKXtyZXR1cm4odWFNYXRjaCgiKGlQYWQiKXx8dWFNYXRjaCgiKGlQb2QiKXx8dWFNYXRjaCgiKGlQaG9uZSIpKSYmIXVhTWF0Y2goIlNhZmFyaSIpfSxpc1NES0FuZHJvaWQ9ZnVuY3Rpb24oKXtyZXR1cm4gdWFNYXRjaCgidnBhZG4tc2RrLWEiKX0saXNVc2VIdHRwcz1mdW5jdGlvbigpe3JldHVybiEwfSxnZXRQcm90b2NvbFN0cmluZz1mdW5jdGlvbigpe3JldHVybiBpc1VzZUh0dHBzKCk\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183491,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"flow_min_l4_payload_len":810,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":810,"flow_avg_l4_payload_len":810,"midstream":1,"thread_ts_msec":1654385183491,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_msec":1654385183491,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\/RrINR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT1HTVQlMkIwMSUzQTAwJnVzZXJhZ2VudD1Nb3ppbGxhJTJGNS4wJTIwJTI4TGludXglM0IlMjBBbmRyb2lkJTIwMTElM0IlMjBzZGtfZ3Bob25lX3g4NiUyMEJ1aWxkJTJGUlNSMS4yMDEwMTMuMDAxJTNCJTIwd3YlMjklMjBBcHBsZVdlYktpdCUyRjUzNy4zNiUyMCUyOEtIVE1MJTJDJTIwbGlrZSUyMEdlY2tvJTI5JTIwVmVyc2lvbiUyRjQuMCUyMENocm9tZSUyRjgzLjAuNDEwMy4xMDYlMjBNb2JpbGUlMjBTYWZhcmklMkY1MzcuMzYmc2RrX3ZlcnNpb249TUFMXzguNy40JmdwX3ZlcnNpb249MjIuNC4yNS0yMSUyMCU1QjAlNUQlMjAlNUJQUiU1RCUyMDMzNzk1OTQwNSZzY3JlZW5fc2l6ZT0xNzk0eDEwODAmaXNfY2xldmVyPTIgSFRUUC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBzZXR0aW5nLnJheWp1bXAu
Y29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +01456{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183491,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"flow_min_l4_payload_len":810,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":810,"flow_avg_l4_payload_len":810,"midstream":1,"thread_ts_msec":1654385183491,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183495,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"flow_min_l4_payload_len":797,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":797,"flow_avg_l4_payload_len":797,"midstream":1,"thread_ts_msec":1654385183495,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_msec":1654385183495,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\/RrIOR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT0mdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTE3OTR4MTA4MCZpc19jbGV2ZXI9MiBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IHNldHRpbmcucmF5anVtcC5jb20NCkNvbm5lY3Rp
b246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +01443{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183495,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"flow_min_l4_payload_len":797,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":797,"flow_avg_l4_payload_len":797,"midstream":1,"thread_ts_msec":1654385183495,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183496,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":791,"flow_tot_l4_payload_len":791,"flow_avg_l4_payload_len":791,"midstream":1,"thread_ts_msec":1654385183496,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_msec":1654385183496,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\/RrIOR0VUIC9zZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT0mdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTE3OTR4MTA4MCZpc19jbGV2ZXI9MiBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IHNldHRpbmcucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtl
ZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +01437{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183496,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":791,"flow_tot_l4_payload_len":791,"flow_avg_l4_payload_len":791,"midstream":1,"thread_ts_msec":1654385183496,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+01008{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":1654385183514,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1654385183514,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
+01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1654385183517,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1654385183517,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
+02702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1654385183520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_msec":1654385183520,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\/bxBR64QOVDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6
yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183618,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"flow_min_l4_payload_len":830,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":830,"flow_avg_l4_payload_len":830,"midstream":1,"thread_ts_msec":1654385183618,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_msec":1654385183618,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\/RrKJR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJnVuaXRfaWRzPSU1Qjg4ODElNUQmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0yJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTEmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTE3OTR4MTA4MCZpc19jbGV2ZXI9MiBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IHNldHRpbmcucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
+01476{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183618,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"flow_min_l4_payload_len":830,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":830,"flow_avg_l4_payload_len":830,"midstream":1,"thread_ts_msec":1654385183618,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+01366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1654385183642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_msec":1654385183642,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXAn07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385184096,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_msec":1654385184096,"pkt":"tKXvZygQnLbQ0+MzCABFAASgVf9AAEAGu7jAqAJ+EkBPOqkCAFAzMfZOPPsrTYAYAfYpMwAAAQEICgK1DRCN++PnR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0yJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmYWRfc291cmNlX2lkPTEmYWRfdHlwZT05NCZvZmZzZXQ9MCZjaGFubmVsPSZwbGF0Zm9ybT0xJm9zX3ZlcnNpb249MTEmcGFja2FnZV9uYW1lPWNvbS5zY2VuZXdheS5rYW5rYW4mYXBwX3ZlcnNpb25fbmFtZT0yLjguMi4xJmFwcF92ZXJzaW9uX2NvZGU9MTQ2Jm9yaWVudGF0aW9uPTImbW9kZWw9c2RrX2dwaG9uZV94ODYmYnJhbmQ9Z29vZ2xlJmdhaWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlJm1uYz0mbWNjPSZuZXR3b3JrX3R5cGU9OSZuZXR3b3JrX3N0cj0mbGFuZ3VhZ2U9ZW4mdGltZXpvbmU9R01UJTJCMDElM0EwMCZ1c2VyYWdlbnQ9TW96aWxsYSUyRjUuMCUyMCUyOExpbnV4JTNCJTIwQW5kcm9pZCUyMDExJTNCJTIwc2RrX2dwaG9uZV94ODYlMjBCdWlsZCUyRlJTUjEuMjAxMDEzLjAwMSUzQiUyMHd2JTI5JTIwQXBwbGVXZWJLaXQlMkY1MzcuMzYlMjAlMjhLSFRNTCUyQyUyMGxpa2UlMjBHZWNrbyUyOSUyMFZlcnNpb24lMkY0LjAlMjBDaHJvbWUlMkY4My4wLjQxMDMuMTA2JTIwTW9iaWxlJTIwU2FmYXJpJTJGNTM3LjM2JnNka192ZXJzaW9uPU1BTF84LjcuNCZncF92ZXJzaW9uPTIyLjQuMjUtMjElMjAlNUIwJTVEJTIwJTVCUFIlNUQlMjAzMzc5NTk0MDUmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmlzX2NsZXZlcj0yJnZlcnNpb25fZmxhZz0xJmNhY2hlMT02MjQwJmNhY2hlMj01MzY1JnBvd2VyX3JhdGU9MTAwJmNoYXJnaW5nPTAmc3ViX2lwPTEwLjAuMi4xNiZkdmk9NEJ6dFlyeEJZRlEzJTJCRlEzUlVFMERVUVFpVWxiZkFEQWZueDNpVVZQSFpSc1JyZnVIb1IxUlV2MDZOJTNEJTNEJmFwaV92ZXJzaW9uPTEuMyBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IG5ldC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJTEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
+01780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385184096,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184117,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"flow_min_l4_payload_len":252,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":252,"midstream":1,"thread_ts_msec":1654385184117,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1654385184117,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184117,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"flow_min_l4_payload_len":252,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":252,"midstream":1,"thread_ts_msec":1654385184117,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"analytics.rayjump.com","url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1654385184118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":850,"pkt_l4_len":816,"thread_ts_msec":1654385184118,"pkt":"tKXvZygQnLbQ0+MzCABFAANEBJdAAEAGBbvAqAJ+CNFha936AFBSP8s5I7uXO1AYAfYwmQAAcGxhdGZvcm09MSZvc192ZXJzaW9uPTMwJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZvcmllbnRhdGlvbj0yJmJyYW5kPWdvb2dsZSZtb2RlbD1zZGtfZ3Bob25lX3g4NiZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyNTJCMDElMjUzQTAwJnVhPU1vemlsbGElMjUyRjUuMCUyQiUyNTI4TGludXglMjUzQiUyQkFuZHJvaWQlMkIxMSUyNTNCJTJCc2RrX2dwaG9uZV94ODYlMkJCdWlsZCUyNTJGUlNSMS4yMDEwMTMuMDAxJTI1M0IlMkJ3diUyNTI5JTJCQXBwbGVXZWJLaXQlMjUyRjUzNy4zNiUyQiUyNTI4S0hUTUwlMjUyQyUyQmxpa2UlMkJHZWNrbyUyNTI5JTJCVmVyc2lvbiUyNTJGNC4wJTJCQ2hyb21lJTI1MkY4My4wLjQxMDMuMTA2JTJCTW9iaWxlJTJCU2FmYXJpJTI1MkY1MzcuMzYmc2RrX3ZlcnNpb249TUFMXzguNy40JmdwX3ZlcnNpb249MjIuNC4yNS0yMSUyQiUyNTVCMCUyNTVEJTJCJTI1NUJQUiUyNTVEJTJCMzM3OTU5NDA1Jmdwc3Y9MTI0NTEwMDAmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmR2aT00Qnp0WXJ4QllGUTMlMkJGUTNSVUUwRFVRUWlVbGJmQURBZm54M2lVVlBIWnpLJmFwcF9pZD0zMjQ1NiZkYXRhPWtleSUyNTNEMjAwMDAzMiUyNTI2Y29udGVudCUyNTNERCUyNTI1MkJTTSUyNTI1MkJGUDJZblRlR2FsckxrUEFKN2NzWWNLdUhhVCUyNTI1M0QmbV9zZGs9bXNkayZjaGFubmVsPQ=="} 
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1654385184139,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1654385184139,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184174,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"flow_min_l4_payload_len":940,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385184174,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_msec":1654385184174,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\/JAAEAGmoXAqAJ+EkBPOqkIAFAb84J2aUKsBYAYAfYocwAAAQEICgK1DV2MHK6PR0VUIC9vcGVuYXBpL2Fkcz9hcHBfaWQ9MzI0NTYmdW5pdF9pZD01MjQ5OCZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmlzX3Zhc3Q9MSZhZF9udW09MSZodHRwX3JlcT0xJmNsaWVudF9pcD05Mi4yMTkuNDAuMjM1JnVzZXJhZ2VudD1EYWx2aWslMkYyLjEuMCslMjhMaW51eCUzQitVJTNCK0FuZHJvaWQrMTElM0Irc2RrX2dwaG9uZV94ODYrQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElMjkmb3NfdmVyc2lvbj1BbmRyb2lkMTEmZ2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmbW9kZWw9c2RrX2dwaG9uZV94ODYmYnJhbmQ9R29vZ2xlJmFuZHJvaWRfaWQ9YjllMjg3NzYzNTRkMjU5ZSZwbGF0Zm9ybT0xJmltZWk9MSZuZXR3b3JrX3R5cGU9OSBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNsaWVudC1CcmFuZDogR29vZ2xlDQpDbGllbnQtRGV2aWNlOiBzZGtfZ3Bob25lX3g4Ng0KQ2xpZW50LU9zOiBBbmRyb2lkMTENCkNsaWVudC1DcHU6IGk2ODYNCkNsaWVudC1SZXNvbHV0aW9uOiAxMDgwLDE3OTQNCkNsaWVudC1QYWNrYWdlOiBjb20uc2NlbmV3YXkua2Fua2FuDQpDbGllbnQtVmVyc2lvbjogMi44LjIuMQ0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1TaW06IDMxMDI2MA0KQ2xpZW50LUFuZHJvaWRJZDogYjllMjg3NzYzNTRkMjU5ZQ0KQ2xpZW50LUNvdW50cnk6IFVTDQpDbGllbnQtTGFuZ3VhZ2U6IGVuDQpDbGllbnQtVWlkOiBlNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkNClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IG5ldC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
+01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184174,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"flow_min_l4_payload_len":940,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385184174,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":1654385184282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_msec":1654385184282,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\/OGIoAYAIZCbAAAAQEICowcrv0CtQ1dSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDQ0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpTZXJ2ZXI6IG5naW54DQpYLUNhY2hlOiBNaXNzIGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgMTY4ZGRiYjgyZDZjODljODRhMWE3OTYzZDFkM2RiODguY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAyDQpYLUFtei1DZi1JZDogeTdSbDB5c25CU0hpMC1KRW9mbkxCTU9BZ082YTMxMUEwV2w4aEVoaDllLVlIbUV0TGgwUDZRPT0NCg0KeyJzdGF0dXMiOi0xLCJtc2ciOiJFWENFUFRJT05fUkVUVVJOX0VNUFRZIn0="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184845,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_msec":1654385184845,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\/AqAJ+ypnENeWGAFC6DVe05oOra4AYAfZWMAAAAQEICr1yaOhMk1pOR0VUIC9hcGkvd2Vidmlld0FkUmVxP3Nfdz00MTEmc19oPTczMSZ1X3c9NDExJnVfaD02ODMmdV9zZD0yLjYyNSZsYW5nPWVuX1VTJm5pPTAmc2RrPXZwYWRuLXNkay1hLXY0LjYuNCZ1X289MSZvc192PTMwJm5fbW5jPTI2MCZuX21jYz0zMTAmbW5jPTI2MCZtY2M9MzEwJmZvcm1hdD0zMjB4NTBfbWImbXNpZD1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF9uYW1lPTMwLmFuZHJvaWQuY29tLnNjZW5ld2F5LmthbmthbiZzaW11bGF0b3I9MCZjYXA9Y2FsX20yX2FfaW52X2NhbV9waF9zbXNfY29tcF9mcl9iYW5JbnZfdmlkX3ZpZDJfdmlkM192aWQ0X3ZpZDVfY3JhenlBZF9jYWxfc3RvUGljX2V4cCZvdXRwdXQ9aHRtbCZwZj1UVyZzaWQ9MTY1NDM4NTE4MDMzOSZzZXE9MCZiaWQ9OGE4MDgxODI0ZmYzNzFlMDAxNGZmOTVlNTk5ZjA3MmQmYWR0ZXN0PTAmYWRfeD0wJmFkX3k9MCZhZF93PTAmYWRfaD0wJmFkX3Y9MCZtcz1DNVFFbjk4Q3hsaGlSNEolMkZsQzZKZiUyQnRKbmNKWUE3MnZYUGUyTzMwJTJGUzdWVEJGMU5hTGVBRkFSNUZJZllyUmFZU1ZhQkglMkJTS1VGcjExQTJGRThHUkp6TGp0M2J1MEFBNDZMUm9nejBob0RScHNxYlZMWXUwelljVjBjMFZrZE1YblZmSmhqcEpSZ0tjeEhXbzR2UXpxNkxzd2ZBMHQ4MFc2Z0d5RnY1SXl6QlQ2YjZFMUZOSFUycFFJT2cwajlXTnFyYWElMkJpR1JxV201cHRqMXB5bXJOdjd0em5JeHV5JTJGd09JWGVES3ElMkJQSk9XenRJbjV1UTFDZEclMkIlMkJQZDBvcndjJmJ1aWxkPTIxNDA3MTAyIEhUVFAvMS4xDQpIb3N0OiB0dy5hcGkudnBvbi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
+01703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184845,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"tw.api.vpon.com","url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=0&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184857,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_msec":1654385184857,"pkt":"tKXvZygQnLbQ0+MzCABFAARIYtxAAEAGgd7AqAJ+ypnENeWIAFCaSZQVPGdPqYAYAfZWMAAAAQEICr1yaPVMk1rLR0VUIC9hcGkvd2Vidmlld0FkUmVxP3Nfdz03MzEmc19oPTQxMSZ1X3c9NjgzJnVfaD00MTEmdV9zZD0yLjYyNSZsYW5nPWVuX1VTJm5pPTAmc2RrPXZwYWRuLXNkay1hLXY0LjYuNCZ1X289MiZvc192PTMwJm5fbW5jPTI2MCZuX21jYz0zMTAmbW5jPTI2MCZtY2M9MzEwJmZvcm1hdD0zMjB4NTBfbWImbXNpZD1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF9uYW1lPTMwLmFuZHJvaWQuY29tLnNjZW5ld2F5LmthbmthbiZzaW11bGF0b3I9MCZjYXA9Y2FsX20yX2FfaW52X2NhbV9waF9zbXNfY29tcF9mcl9iYW5JbnZfdmlkX3ZpZDJfdmlkM192aWQ0X3ZpZDVfY3JhenlBZF9jYWxfc3RvUGljX2V4cCZvdXRwdXQ9aHRtbCZwZj1UVyZzaWQ9MTY1NDM4NTE4MDMzOSZzZXE9MSZiaWQ9OGE4MDgxODI0ZmYzNzFlMDAxNGZmOTVlNTk5ZjA3MmQmYWR0ZXN0PTAmYWRfeD0wJmFkX3k9MCZhZF93PTAmYWRfaD0wJmFkX3Y9MCZtcz1DNVFFbjk4Q3hsaGlSNEolMkZsQzZKZiUyQnRKbmNKWUE3MnZYUGUyTzMwJTJGUzdWVEJGMU5hTGVBRkFSNUZJZllyUmFZU1ZhQkglMkJTS1VGcjExQTJGRThHUkp6TGp0M2J1MEFBNDZMUm9nejBob0RScHNxYlZMWXUwelljVjBjMFZrZE1YblZmSmhqcEpSZ0tjeEhXbzR2UXpxNkxzd2ZBMHQ4MFc2Z0d5RnY1SXl6QlQ2YjZFMUZOSFUycFFJT2cwajlXTnFyYWElMkJpR1JxV201cHRqMXB5bXJOdjd0em5JeHV
5JTJGd09JWGVES3ElMkJQSk9XenRJbjV1UTFDZEclMkIlMkJQZDBvcndjJmJ1aWxkPTIxNDA3MTAyIEhUVFAvMS4xDQpIb3N0OiB0dy5hcGkudnBvbi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +01703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184857,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"tw.api.vpon.com","url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; 
Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184927,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385184927,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_msec":1654385184927,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184927,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385184927,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"cdn.liftoff.io","url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385184928,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1654385184928,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385184928,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184938,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1654385184938,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_msec":1654385184938,"pkt":"tKXvZygQnLbQ0+MzCABFAAGNDvVAAEAG7fHAqAJ+EkBnHo8cAFCNQDOZ5EMz0IAYAfY+BAAAAQEICpxRp0pGLP+jR0VUIC9ydi16aXAtMjAyMi8wNDI4L3RwbDQtNDIwOWFkODQ1ZTYxZDlhZDY3YjZmMDQxODdkMDBiZTAuemlwP21kNWZpbGVuYW1lPTQyMDlhZDg0NWU2MWQ5YWQ2N2I2ZjA0MTg3ZDAwYmUwJmZvbGRlcm5hbWU9dHBsNCZsYXlvdXQ9MSZ0cGw9NCZ3ZnI9MSZ0bz05OTk5JmFsZWNmYz0xJndoc19jaG49bSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
+01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184938,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1654385184938,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+01446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_last_seen":1654385184942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_msec":1654385184942,"pkt":"nLbQ0+MztKXvZygQCABFAAMPiZsAAPgGXosSQgJawKgCfgBQi1Aw2JrrFQTlKYAYAIOpEgAAAQEICjG9uf0hNwYeSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL2pwZWcNCkNvbnRlbnQtTGVuZ3RoOiAyMzgwOTMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkRhdGU6IE1vbiwgMTQgTWFyIDIwMjIgMDU6MDY6MTcgR01UDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHM6IEdFVA0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IEFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbg0KQWNjZXNzLUNvbnRyb2wtTWF4LUFnZTogMzAwDQpMYXN0LU1vZGlmaWVkOiBNb24sIDE0IE1hciAyMDIyIDA0OjU5OjQ0IEdNVA0KRVRhZzogIjFkZjIzOTBkYzI0MGEyYmY3MjAzZWVjYWUzYTcyMTNiIg0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwO3B1YmxpYw0KeC1hbXotbWV0YS1sYW1iZGE6IG5vZGUtYXBwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KU2VydmVyOiBBbWF6b25TMw0KWC1DYWNoZTogSGl0IGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgZWVkZjhhYzU2ZTRlMWVjM2IyNDA1NTc1MTRkZjlkNjQuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAxDQpYLUFtei1DZi1JZDogM0tzOHpnV1VFd1BsYUtHLTFsclAtOWxwV3JPTWhZSjJIcktoYnR3ZG9SY3VJYi16WDBTSm9nPT0NCkFnZTogNzE1MDgwOA0KDQo="} 
+02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_last_seen":1654385184942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184942,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDl
KBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":497,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_msec":1654385184944,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\/rI704AYAfY+nAAAAQEICpxRp1BJVe73R0VUIC9ydi16aXAtMjAyMi8wNDI4L2VuZGNhcmQtZHNwLTEzMDItZjI3MTRhMzRmNjY2MWE3MGZlZGVhMTY2N2ZiN2E5ZTQuemlwP21kNWZpbGVuYW1lPWYyNzE0YTM0ZjY2NjFhNzBmZWRlYTE2NjdmYjdhOWU0JmZvbGRlcm5hbWU9ZW5kY2FyZC1kc3AtMTMwMiZtb2Y9MSZtb2ZfdWlkPTkxMTk5Jm5faW1wPTEmbW9mX3BrZz1jb20uc2NlbmV3YXkua2Fua2FuJm5fcmVnaW9uPWZrJmFsZWNmYz0xJmJhaXRfY2xpY2s9MSZtb2ZfdGV4dG1vZD0xJmJwX3Rlc3Q9MiZ3Z2xicD0xJmN0YV90eXBlPTEmbW9mX3VzZV9nZXQ9MSZkbHN0PTAmbW9mX3VzZV9nZXQ9MSZwbG11Zz0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMi4xLjAgKExpbnV4OyBVOyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCd
WlsZC9SU1IxLjIwMTAxMy4wMDEpDQpIb3N0OiBoeWJpcmQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":497,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1654385184944,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2303,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_last_seen":1654385184953,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184953,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWE
IkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} +02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2304,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_last_seen":1654385184956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184956,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWR
no\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2304,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184938,"flow_last_seen":1654385184956,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3201,"flow_avg_l4_payload_len":1067,"midstream":1,"thread_ts_msec":1654385184956,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184965,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGm4AAPgGZj0SQGcewKgCfgBQjyD+smSW9c2PrYAQAIOKbwAAAQEICklV7wucUadQ5ogdq\/iosAYQHnuYoAkvkdnGEx7sgfMQlGGrFxZA1yFkqy5MoicrPqJw3gr9hAgjam6KaAwuXrhWKQF6GuXGbBvVErM+rqhTqw0S+mOoHLEY4s4FqWJIQ1cT5cQHITPEUA8NmsKXQx4OPNTUF1gsmkFJG+W9FLWdk8qI2aIQV\/yYMeSGTw74FvYOMM4DyYjkedi25Hlaxn6nKYMGLSn2thPUrK2WshGdhHAxCSxIaZduwRhEPOo4bZFCUfAig1xMlQhT102Z6\/h1jyy9Y2FOTqxE4We1SIl3jgw9N+ghK12R0K7udpiQwRquQJKK59ShtftqxFuHqgWu9ioVh2g7O7EbTedwRtJMXbm0ah2kTJ32xO0TZEG94g8bjMzkcl1m3NuSQw+Jl+nhpxe0XCTzjwmTR3B\/Ayh0joMwTcVU2JgiBD0+DOZ\/XeBiYQ47TG1YlpfqWRWnMCzc7Wb7RbHp9OvR2Dc\/\/dwQkuEIkywFK3CRRNMAQasTEI24+xJG+ceiAlhwwXcWRghi2LpCgYAXHIsWQg5EML3sL0y6ODzBfVQUS9EEMXT\/2DwkfHfhkvkhNgQM4\/HEWo2BJFkgiwENsFXve6AnZRxrdslQMuUEOyqAwAsg8ZYXYIM\/iSfJEwHuox95SJebwd6lXVS\/GZqiCrX5qldHVAhpCpb5CVC06kelCqTHtkKWudqMQc1RbGEIfFZhjmJQ86si71pVcWKFDatzRg5mMPpjAXegcI0htoQUKHqgjP8bD4GhWKuktB2K8eCMtWlkSJoUINAL4oOUMURQegH1KF0FB2ahoJCJ9vVZg1pKEWlCBA9EE\/oz8327GODGRhfm0Y7ZA+DkZIe4ubBhHXkA10YPFILhA+cgoMIIs2nF6k3Yg9gZFOzK5gseWgqegfNZe5U2cULZfTDMGvNjVhhkqLtrDRuG2aoghuLXZMY5euQeWmygK9GtF2hzgV6OIMtTMVTz793WI9WGVpxqcWjE0WCzJ67\/Odismm8FSxIv3cjWS2JgaDe4UAykmF1npgOZ8mc+HRFFsJsZs2nokg1Z9LbmG\/uS8WdEClrpbQGk7OzCpWqnz5pP\/hAxjot+MnBHFeI2gNKiuSjgHGzxUDpBjyR1KRIjWvfIoEeNcasmZg8vOsgdBlCID0kHWcB\/Wnhg6hUicCWIeMDYHjWMEqAMEU+sW2zvpBSItTGVMR\/tG5FDGjnwRbCFQ7H0Q1pyVsYKS\/+bgPQMt6tmN\/QQSVGaqKzfqW73JIcui9eEBVY+RQolSMRVEuLfLL3KcnHV1htUZmHMfXn68WLXop3FFrRIv4ND6JZOBmHJnH7V3piuFJLPipHp4rFbXPJLpaxBs25dRRta2P8nbMKHH8zgQUJvtjGbPG5Qoas8jKRpOG9PfPUMkNTkQdcI05Kq69VlOXml6It2UQduxJOKGs42T7AhFKJPnmjEuxpFJp7Qmp4cgdGB8nTOxTI7UkGRz6h5NUjZQdDvoJgOb5wxHz6DtpYAtRljv
5SjxwtRvetqHLvPS5dqQEKiklws6rQRJRJSgWJc6INl2LpQ2LwzXIzDrxG4KyZkZEea\/BhiYr2lFa9kOoKUxYVoH6stGFraqU0hCb8OxD1kbuo2v4FqacYgYMLVetH0UaKQShTjaFivt0JdBLGUcYiCviMaxoNkPkjpNksgTJENrYzCczP\/c86QKZuvwdgwNCEJas5+M0FA7IwteDjfuG4H+vXhwzxQy+RholpcIZkEH3EYAL9KvuTKixOHHulpoYKtamwQolbV0LFtwXQhkMOgP8lG2b2ZJ+IUM0qTnh19rIOITZJ1INZMWCLVkUGyGrTiGn00YVvPbzgv0rlIYYoB86xhRlni1rNpEhZn7dSqR2Gz1MHTVgUr9qKTdXDaNCJWayo2otmdYEEv"} +02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184965,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGm8AAPgGZjwSQGcewKgCfgBQjyD+smoq9c2PrYAYAIN7OgAAAQEICklV7wucUadQJspEi0CUOOmI3Cvceu7ZTiQFwaD38Js\/p\/xjAp0j4xbiQNQqOyBYr5L0IIs0msCoEYCCdXXdrZEsJEixghP9dW2haBiWE90tiwDKNL2M4KmVaiFSazRQsJxUArOXEYbM7Mk6ouyCMoHe6uCJlL0cyZtIWWKhOIsm6ZGti94qIbr5CNRdSWJmU6uEfjypNj3HPKIJZrjuhyY9Cu2ZvINqzgm4caq8NN3Ol4TW4lXCpbPWwUSjgKN85uSLF0rMSsFoUgIprHQPciOblWTBOTITmrFc2UGRtjRj1LVRrpKUpZeVdZN4RSo6tznl0hQ9q7XjysoNU7sPtQQAlDgnUfNPxezctohspJSSaW9icUrFWCtcwLVCtqHJjGTqBf27OmPKKfkfG7cIR1palknv7gysOseGXawVw8okfeiTbShNKrQNzQwd2ZYaHbnsqalY9fIprU9uopYlGr1jz4QbdlC+Xlck6sWEWatNiYA6+mqPGc3WxcuksVBq0JSEfGbpESVQtev4ss0yFbv3Ms4MrIkJO6ZKEVHnOGm7baWoO9oDVS\/VcNqDH99a7piWhDvruNwEIdqktI2GDvEDR2MN+cRA0Drq2ZYeS0jdoQPJysWM8ZCqw7r86FgOTdw\/86RtBT31VleuPjz3IVXMyFirKDF4+Ve2++jcSZHmoXsDy3mQyZ5lCoCfRHm5eAd8ygVLOOwlU84ma9sRJJhQRw9RlIV4BQwStxE\/P+KYRlMT9C1FlrETthUtJn08pmc4CQf5Y64MMSj51HOUvlF1VzoUdG8NWiAa7kb1c\/rFFRcNASFdygmZC0L5oBNNcpSJ6Y5SFUryQF2kzJmxJdUKOnuoLqK5VaUVFBbdmnQzhlj0rxhHV4LhD6zUnEEjQZxFlZ7wA02LeOGLF4IJOUw9qRdPJKkaNW6WtEkbh+a+82HiCzidkwS8ebcWJ1duWnUmydiJt3assevDFk\/X8DFpDcwKd+5ns4Xkhm+2jDq2\/WUCZkq2L1gyzrz9ogyVkhOaNAn28stqziCDjsaLoBQFnh0+pIlPsszStPAV2eh+MvAqccRlLZAYHODR6n6NY5bf+BYIuf9ITT+IIxa\/4VN0UVnUvxrRwoI
lUSK0sQ76UbEaURf+evWxATWLaR8y07ulM0Caqds3CjhoCOii7C51OwgaSrstoDBZPcUezxEXmVHSiwlGLx53FAZqoDlcUPLsr9gg2Flf6M1WdfOntS2Jtlu2fbTnz9R9PoHpWfgnrlmDARFCtPhHhajELohr\/Q1PRAY9DS9EjCigt3tqC47UwaU4OoHNoTqRBJDQYjzeR6HqA+79NTpFmHOJ\/uDYfkU9w\/cYaGh2Oit6cuhN7ZwdaS02Fd1az6abPC9BnFbpndrIJxzSL4mmYDMhHhJ8SM3hs1Tpj+ZL\/gsL6Q8PBrwU8cvM3h5+HrSurDwTRw3amJUNhKXU8BUtCpWoiQqzmmxbhhYZM\/XEqRfDnhULOCEo255OrNwVCkUI7kOsZimTiobTTVaISLkpB7LFs3KqMfOIT4bdyQFmwlVZtGIdT8kpJbgMVPYXqYzaQYyWDPRG2IwaY+nqvmsyj9xZ5oXw7iJkTSkapYZPqKt4i0AcaR7dvMEaCMgCWyikf4axtIXxAc9FMUBUbO6Gbulb0dAH+ywz4t4rgH0BUbKxsq6DLVrxR+Dz3QoSsGslYOjRUxc2nspxMWTnKnbO2+WaKGg1SFoZL97KgRsxHVZt6JuwA1BWIWn7WEPJHy5EWtPF0sCx6QRRsnaDyUNKVgC0bIIsiHciEQeN5GvYNZNmOzanRtRwJ2oP+wBB3AiolTeFEWodeEKa9Vx14liiPDCIQ07+AirkzEaTcwWcI8o2WPc9DCGHQ9deUQQrUozjKmsmbQrE6aq9YqjpDlm0SJhe"} +01173{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2316,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184944,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3353,"flow_avg_l4_payload_len":1117,"midstream":1,"thread_ts_msec":1654385184965,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+06309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1654385184968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_msec":1654385184968,"pkt":"nLbQ0+MztKXvZygQCABFABDwKKwAAPgGTNcSQGcewKgCfgBQjy5+eHC\/0XpgIYAYAINNZwAAAQEICvuAHVKcUadRtia3OWrUCi577oZVo7qVa1pV4DAWp5BUj1ylZg9HIVDCN9HY7AbTeijAg4XsrglqbYq5vDpykI6WdQmyzYmgrKIxhalIqTk9ryxzUznXMoouNDMlCihWCVviO0KxmTPE5KQ9+7SsAUrQi7Sg+qF5Pd0DtbjZtLz871N0tzex+ukapoFCrA7xXAT7EhUt7xIHEz3L0UmSEhywkGvPteUIxdc6E6toBq3MvO55kaYOGDx48p6ZBs0l28a6bJ4zQJDaeXlGC3OM6mMEiebMI1OGu5tfpXMjhz6Rp73wrdy57Payp01EHIjlCdRLUKOAPfFUuHBSZHV78nHM8xiG0tJng+sW\/lS+Ct4omI2wK1pbPk0VNnnDxoaUD4P9h2HGucJMMsOcLUiwYhj1kheWaGnaKjtJU86IE8hv7kMCVo\/B1CxxE3Lz+jqf+jgF8eENd4d4\/zg\/OJd9i\/VoLDYszM0GnwgrV6X6zCwUU8MUmHILsn1nKkxsK+j59rAslcf4WjgzPH\/bxH1Xf\/hRSG9h1GHU7F7dhqqMXd4GsfiUbI5KewunZSYn3sSrjPhasqzcbZWIOn\/RZGzSCzJrYTqkQVw\/T63VN\/xpgAg02on1ddwj7ZXVGqEZ14pCRJ4U1Nlz4GosQC2e4WkU56BxFokH+fTqlofOKVzfTTBLskJj5p\/BXxTGrZxWaisoBhtbb8NE8Bmwrx8kTZqCTZ4LizErphxTdyPZU8mP1LWCkBnHJ5AFAviY9cnU+ZbIwX1VuD6Djzu3WeCSXVqRfHW4ggvwWzYs\/gP9Jpl67985\/6\/54LGh3CGiAgEgcG6BGxY8R11bg8qYxj2WScXzuo0eu4ZJ1uM5xG3D3x7O7xmZSyQYoEmBJEeWqjVCrbHbJCcpoCpd1s+S3OYYriGysUdQFw3VpBOPd6d6s8rlqWwPuY+gRHRJgJSn+ZHDQFEafniozT+8SkWOQ5rQAe58UhC9CEqwUYXDjACh3vzGpLHKqglIUwlGKGW6YhUdUMwTnxVEN5X0kmoRJNoqHFhBmEY9BmP5+OU4QSH4xOI5zReHcNmGyhmg2dxP4TJYS\/MmkwxJ2PiI+KkAnqHY0xoTbdbyJKU6xxIlj31MxZNGm1P2mPnjEKvm91XbL88c0sI4gC4jtuPQowmsExa7xIVAWeJWpuywE2myad4k0pzsE5rlIj7\/quzGMwjIayYKok+aeditOgqCCIp7Kd3WWcNlzfIetdoBRmGhdKoVdXlxx6Ril9ggFuDcF856+Nzit0M9yvQyF4OmsA18wbuJCw69M9A30ml2L9fxmr1URKoZGMaExc02oNMIn4wHMUyukvZCYS9CJIMDWwrH2TSFMXvF1ikdepy0FG3vigcAcfOcvNka76wATRzD21xzyO4PK8NKUOWFMi9TYaaMjCeHjnWWJnIhuZfBFIVojlQlpoqbIHE5pMbLvRzrT+\/c+c9U3rDurSLvr05vZU3uuVvgIe07OZJ+6XCDm7ZM6e3AlXgcTZ7lB9
Y2alCJr5832MZIIhz9vgnMVtPVR2xymBxqPeVZcUSF88ascPkun62PxmORsMrVddGtvmxECSlwKnz9ikb3r0H2wPbe3tafZ3F7cyBgLihy\/EZ\/5d7W1Joqcq+fgtXBF1qvp8fBtVe5A94Nn0XIHvFgn9MyRia6LxN\/jz9f\/HIPpXDHZ1GXH3N4vL3dd7OrtjcqksxUL3umHNivH\/h1fxXCr3B4fDteDwdZ8BZnR4BtwnVuvEm9fy8RDPZa+2xs6JNNIuYS8y9dWRuyjwc5HpIv1W4V7IHAPifgrbB31tyn2B4Tnow5XvNljMP43jsFONvtKdn0qlfMMIaz5GBmfmEIHi2aEF9c7kXvOf6c6i6Ho4r9L3d+4HGZDTbnuLyWbo3+d8pttm9FB\/vaZov5fj2DX192EQ9XsUgvfsKv3Ja8btDZJooZ10aOkx3Ed3hDWXaZbCq2lh9\/te54Syd34psOYJ5LmEwk3nTe4i3az2bTd4l+2aciRXCt22yvpFWFZmG4dqfUWGuh4d0d8vPGCM\/dw+n8C87fnoIDEau5tajR9lwluJLmT3qANwvwj9UA3CUuFhmuDC38WaUyB22P\/AW7pvquAYgVEcHm+38V8HiTF3TfQF8s4EEt\/nGyY22fP36vJaubKd\/Lsx5MdGyNzrJ4tliXSZuYpui5llx2rs0EepLJCRRIwShmOq8VTWoI7lFOcQdeigF7zyzJICt17FH7xsjRTNluvXNudWS8ckDt\/GCH9zCQHpYtg3FxdezTyW7TMJZYCrG30qqTTL+t4RxzpdY8Arx37bBCDZe+6M5fh8N5jmXukeeGZzYwEDR5LxLrYqeUrBd47Bcqg0Rs\/Nq\/rMSoXyvOWMXnE\/\/eA935FTy7WUl0XdagriM+8I8Uv9Zo8RSV8Ocrvf\/MuDeqHGNfdU9p999Yzx8wHts\/QjqrfiJBQUsKlURNQLYr+Pxph7vufBZ\/Fc5vbqMe6771nH+m7vl9rr0T7\/xRTBfIGGq5HXOdIsI72zo2UPXWY35vDp9ew0lf79IEc1BLyrpqu3PDc2vVEKbEvH2uDM\/5dotey+W3GoQgBt0gWlq1Ffbd0gncyJNkVhqr1BY0YCFX1p9Xt3n+lan7AYgIqRmRtW9l3rnzF0V5pCQfvHdgxXB0xAFfQ9wbnflmyWCAMX8Pit8n0B5iuplKZkVr\/KxKGyHieTJBN5FwzpT90P5djs1bFf0Rf5wxaz1asqwsHzD\/c5+F8LEBzgoPqPAUFIo1eWFKlRhO\/tbO0jPdX3mmk9v3XX+VlE7JjYbO0n4+TynxNb8a1NdLGruQGXq7oZGQBHzhz+I5lK2ng7Gn\/2+DyNJCCYfY9jv\/0f\/z6tnL6iOnCn3mqeG331Q6DtB\/rA\/SNqCtJYdWoge5Li+sAb2lVxB44by6fVRKjvN\/ed46pLkbyNsZjFTHXUOvF79Zmw7uPaf9c\/S3tr3ZetMjrlt\/xLflJbwBB1d6dGEjIG73t66uRtteXbuh5Wp2avHtn+nTVLsCXOSP8DYJa1+0xyJBIuyZygqzrU7nlfLe\/OzCF\/5Jru3JFrUqJ4lEHon\/2ra2fij+fb0Bl59y\/cnJdz0eb2+\/5fNYKtsGJz0wA+9r1f3x\/Xq96U5\/OB7fbl9vu\/sYjEpvs\/cPTr+t3+13XubW9ggXOahqx9tLS7q18deRBAtJhfvoo2y++aqeQD8R9KCF\/Dkiogsvv3klwo1s+T0ed\/+BFzb4qaX720zjbz+dx\/1wVv\/dSeZ\/O50Ptot9xN72sxeoeq0hP71AartzeTr1Uk8s8jX3pn3F5+3y9\/yb09Kjv7czFjwkR+nzjYfe7\/PdPDtShK8T6irCbJPw5MvzUVfJ5p4VsOEFuL2hJvpVhB5gptcWjO4f06+RL+xPxJoZe8c+f7z7khRCp5pn3mmgvHaZjWaZ0bfBQpSDRs3EnlfWIRIQ8pc4XuqHIM
cZqiHcEOI\/xI9FPpfiOwRWf2DPy+D\/FHyp7KzBwzkQkdc5P0SwR0iT0x4nkVQetvDUn8aCBUbz09Pz67gcxcbm7b8uF39wTMBPHU+Ifi7P\/+hNKzSs3hcvw20bZ2FIuXH0avcL7oPC6lPKZSDcWr76jNpjNpYk8uYX+V28Ub+2rpglw3yHdxQxookD2isPoPuwD1jlewb2D6IctFdSIm+w\/Zf3xRxA6STk0UetBkkHLPZxVta55o7Zn73t00Cbpj\/th\/SK\/CY24Cj3M6F31c2E8hqIh\/lRaF3ld\/HVs3oQAwvz1NJVuk\/47Q\/0uMU+EwuwBopxSRIThXyjyXvoLpCZCh9cSBf3B2bo4ie0W7L\/GXVboE0OWenVZ+0PWurXvHK3+JX4wQCFwW55uXEloNP76fZCjAEr3CX4t7QaUA8GiLYxNBtH9UyqRTzuk91VlQ+YKR7WdqbUDlRusWV2IE4A3fsvTwckEmfbwuLqlwQqNCKaOfadCiMP5oP8B3JK6S8pGgBiG824Drhb2UOwvRo\/cGOIvAmSIuv4l02e1Zu7H2junWlVhR9o7oUreho5AkoQcNXeyj1zdMfhE\/qXLzN0aN1FUP4D\/RfkWJmQ4W+03nLiuqY+CDASxVNYX5eT+ctUzMJUH3tadi+YC8tIJmIlJp+OXhoGafcrEpHI7ldn9zuzZMetfuZcR07PEwoDQIptcPnDkCNMuWQ3CyHK9gM3R55O871qh1ISHtaMlHeVEvh5iCSEay9mGUM76LtJ8eB6we\/rIv0ife6hqx+ylA32SahXgsnDK64t\/kePph3Cpr2dXfjPaiJUAV13WxqT9PXQl307hp6+PciT\/RRalj7JGBJaKFxGUHOzbAKVzhmpAO2F1\/LjKkR36fJQTcFfxgNmgfiOmN+RfH7Yk76MvFabxD+2DuZLszyDjHHz1jrEG3qIbLRYwTpBT1ArOzvhebj4aKNnk1yYj3OLq2+VvDDPvaz5qCX2XE31vAtgSM4axL6C8crzfJ1GrhONX8E3aEt9LAqDfJNA5gCT\/nO6vaCMZUjttP31Fyg3rZ9badwXFpPhKFYfC\/WY1a+O\/+wBVEEz7Lk2t7x7Pq\/\/\/bW7t9\/vb3havf7t73h28HAbf\/\/n+Wl\/aJBBqfjB8vtKk0my+d\/+U1FOrn5P\/l9bq+\/X3K73G77Pk4NvMyoCFw\/\/xJB+OHwRe7\/s\/mix\/Xn93h\/tz8Pe5mfznd\/7x3O9+x356do2919ifP7876+sY+PHsvSLy\/n9a\/Tg8M\/Nuve+vJs2VrafwAqz0tudm60ws6Wl1QUXRXNCIBdjmGALJSEYb8MIIKVssOU2rYHxl1q\/Uc2MP1L9ckqLPk7nfNz\/ouOdgnQBtijNss1Ttm276pRt\/mXbtm3brlO2bdu27b63Jya6Z6I7IndkPqx82ZFrZebL1\/nESAKa8JdDiUY7SRKUv\/TEscD0eEmHfWnKsIC\/0pgDfqOehe3YocrFxcQUoNPl8ygCarTVURKtYe6Ufin5mjYNYN+U78DExOx1pt+Ut50PuSUIwem9tv6ysTrcd3Bpd+i62fotcXoS8KWKFdhCqKV\/P5T\/OiGpAvTW4r8W9HLFxlxzT0eiXngHhWOgJBrrhSEVZBSsaOd0Nc+UflCOS0RbV\/EYtp8W0zZKboYpUMc1GKXyePUpdjcllZCyFvHT\/9HqTJLUyyWDFnqWS0D8nJh5Y92IkMpZAVjhC9virUc3XS++Ddch0jMAS6rmEaxrSsvDUyy4AQsc7ZcCrKweap3zbN9S+tYy5ACkTim9ROHF2JRORwNYmIO4r3\/i0tXqapZ9J8SXZhI1NjuoUvUIiRdwJyV82CRoxKcIQkgW9s2o+Wzf4zha6sqlbdSZIUxnwP8x4zwbnSdR3rYj5s28EmcqpaXZmKd1fHYPicaQZA4wq7B\/8Bx0D\/i3RSKfjVRtWaM5OnF
eo81rmnU6dTrVPVoB+3VX73mKiYh8B7i8JKvDNFfUsCKttEBpaZCxhNSE6pp6KLD70pU3pbqImpzPRHFILNbBJ\/u2PR4c7a2\/+jSfiQEc9VLWrcOTOg0o2FMfv0ZP6xAieGjq5Gvd2UINUm8bCqvZ+nW8TGy+nsya74sKOlBcAFavG1rdnqcc+EZrCIqCnT+Zu5Nrew28GwzbAN8Yk3fNZ1REgcAgnJsXnJvlYU8xcIWjidFkI+sFoS8uUPdhyCEveLesPuTOSqhVQd8nj5tPCaLePVWssKd9p\/AsV+nAJ4mMLEl8GAab"} +06293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1654385184969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_msec":1654385184969,"pkt":"nLbQ0+MztKXvZygQCABFABDwKK8AAPgGTNQSQGcewKgCfgBQjy5+eIF70XpgIYAYAINNZwAAAQEICvuAHVOcUadR+OEAbsaEV4ATs1KWNFGTmcPU4ah2dE6ss+8j7HasEYjyQ8ziHPOiHkIxj1A5a3PYkXlKr5mNKYD3r6jOwEB8EUYHESkmKncUQQjfuQcyaXe6+v3CpZhAGHSefk\/hCi3lXmAh8Zlr3l9WPQDHGS3ZzfLWAeS0\/eIMH5Q\/xCkJ2\/FKzVL5CEJFUMHrR9+nBartpqxP05ypzIuWYoty\/EKPzESUaLPvsACxjxpuq1\/EShw3xehTGP4lzW9ELxZo4ob8rmKWH5xy81PCe2ClfOroISutHqD40zQvj0hnRmWBK0W0myUEZVRV4IMAalDU53Qm4o0CJHBr8WfegeEqTB7qyZYAoNfSwv1EgIVkqmb349jAhaCVk7q7PFuOOZzkel9fx8Ix80FwYCi+Ikda2bl9y\/BPQMvOPaYpe0RMRQZoe+Gt2My+l5MoRv7hgdlLBXsuD2suT600hhgez9ouAPy6W2l3cGiugYJeL6TOvCuCaPEnNWXGkedl\/U\/+5nmRhjgGR4vHBT97b7fNYLG2+jWxOXIGyJ3T6nn7cy33on9p6RW3okfOgPcUrQ7uOs32YIxNW7s5UJ3X4LPxNrPJyBYoVPzIKK7qXFwGMIUDsETi0zXDALFxESgJ+vfd\/Qpqg8UeIWn0vCvQfDTaBiz2G5bFILF\/31VLz+f7kf3t8eOqHaL2HH\/BLl\/IlUB4UQsB0puS0Vm9N2Zj3qlvfNtr73ZJJ9GNfy6DqkemWGY66QWKyO8Q6xN13zxzNWEnm2ACzLoRMy4bM+fpP15m2LeG+DdezfkHUfDWFmQq5Bh5jJsKf5Z0zeuHh8TOfgElYumVfTCjzNsHNsZKBxRXnKaxChci4RywELTlmtnkxdieWYG6QFq+dAetgwUvzY6oazaVirbGGuEdq3txTwnbL3PS2+bi89k\/xZnllSwTG5aoSJ1ffVF5TQfV5i6PFHR4IrYu2tk+ax2FTAKrZBj\/DOU+CdLbxNKqj\/fPafmSaHDhg2H3k0OlcAkBoPd+FnYCns52k6+r2jXP4cnifWEX1biQB4+plOKZgd+oGchPX+MARL3eCzTayIP57BtnyaXEa5frcmwoeTxuy\/vdpJUO7lTEqGNEJgSangDUvgdtN+hREdf86wXhUYvrwXjaT07Pqx9dG+F\/wPN1o37+4ZP8r4lVBbspJZovHg\/4zTvf7g9f01
m2bn6n0zOTqB+ve1y2Xb6L3D0dAy2tBwif9sdDGanumq+Koa\/lw34VcWK4eK\/q\/O1dvNwIavzop\/C781sdEmRuohjSCqPyalurO\/jlrNhM6pzLJdDE3QT+bsW4\/y6RyXPwuRMhYWfH3JPNsM4TQsxotY8tYPxza8tX0+1LiZntZNvB3CsNJTa5QJVUhwwS24pMRHpfSP9VqeVkbVwl52V414SI9r4U719W\/7hQA5xwPps\/4XdLR68iiNZaRj3wt02axL9TcJG296k0BxfZJe0HRGKjOcbVuQFgA13l7YrvP\/5uHbYRO3pSY4m4ZTW5M7YbF+OXzgaJhfGAOSvKbFICZhAMu6Tv9ULfJZnxyUnTlEy2Ejld8Fdve4qXCh5AacIxapgw1fzRLUvKLKI7EQ5tlJ9VTZqvnaV1yE8ORUeDjmyDE1lKia8bdRJ8teb5Xuh5fEJodTAd1kEiKZQk+qdBLxsXhVNnc21\/CldJSVD3FxKqRlhnys91y8riM0a3xkOOTNsYlHxDA8u0Rirfmd7Zqwa2om77b0FldUFXrq0\/btgCQtDK8Pv4uXd8Ui7Rsvr0h50bzhu90QmZ40ZxHIrt\/ecFfnXIcJZbQFrq7lUN9uXHkpkx0I8mcGsDRHN9S2mZ8qJIKCD4RQ29lRYx5yCVILHczNtAYQhE\/o2A09TGUmkAsWLqpyS3oaZEDBVHXmsu3iQ5cu0swcPeYxyAczTsWfOQBc2a5KlPPw93TmcxVuBqmBM2Hl2qi3XnRcr+Zvdr7h6dTASazwnchFdbU7BHqKkddBscp1K0W0wGZzrg9c8som0myjCFpPBelNTXZ0ZrdIftsO2AK+4Qhkztt8Vgq7aajy2AiP8Rtb4nrB9sp3F\/\/qhNoMivutuGtpAUf+7xAvJKtvf1F+j\/jvGB\/n8BPRY2Zv8\/jg9MuffyEtD\/wztC+d9l\/xvzSPa\/zKOQ3SVicA7Njin0LiEkvgDMu7IbMCHkVl0P+jjTSV6\/fJcCHLFdyMHWM5kF60QZoLU3hVh\/oHx\/HApnJUYt4yaPJaMrhdTPZdP2bduOUcv5pZfLDrZYjS5Fhv8Sj1YZ1ZneruygiHriTf3CnQtpWu+9\/p4isgXE\/nfNxFDk1JEPincuqm5rqzVyMsjZWC9SLyjO3d1kTPQTmkvDevqLJv\/pRzSEaPRuzI51uILUZD6zoTGazXVqtZ8UJXiCGCqy9UicczZRM+mPlLcH8n9vFdL\/3gNHEzcDR+P\/2bH\/pcZUHjKFBwUC+m\/h\/x\/U1nZmdnSG1gZGVvT2tmYRCnLi8DDY\/90OLykhqvSfWe8\/hfFfshKQdYNzIxAQyJKkqJCKxGhzoq6EssGf0bz6TKQLVgFySzlZh1AKl2MpO2rZEIX+BbJAF6IUJDJnRcyQkKk5WOVyqA8FqYIvSqX4C3Ki8qEB0wts5cUmxInpuOlSo9Muu1uu23uj5ABuP\/XfU4\/fz5zGNNCZ\/mrmU+JvmaxFm7Udv+B6qPgdUzEILH\/t6s43whh\/w\/LwsCxn9hFhE5Wp7M0nJAhCHCyT\/FSSP4Vkr21T\/lgzsmdCkk+gW+bEKk46gOIj\/tESSJTvSSs1jov2e9LyG+gkdkeV2RGRMKtH7eXL5gt4qILb8T0yK3LgEkgtZEuGRkLMjj1mLbbuKM8nFrEXMLqL0WcElHVJ2FnaiO187TT8b\/eQ1CcKA7CCU0n+Hcf2LZ6nrpwzdJkNVmY8eX33F5WE0d7xHSq4T4L4vGm9+fh0fVG7ELzGVscdsV7\/fAGxJxH+nndwXuyHk22k6pkmuWugv9NFwdispfFkMEECvMJncKKJbZvhHUuGh8TLXt4Dk+MKa4z0CdEHEOb5WbtE2F8ItYlPIBPnEwdpkZt7EHgQfI130YCGbTGjGOWG78S7lGeXu2hbjZTMMxoJT5jpsRmWq6RY7YKI3Nmw0n1o+etAf182TuX9t7oe
fO6zEaxG6aVWISs7RqIh1It7I\/e2u1sEw0Z1fDwZcSMjFWpVhBkoraCeYefwUwmSj9adXNL5YqRItbLbUGpPLulhNfN3bbtAlHt31TSjYN5GeBfh8+QU5jgeQY7BsvbjDwPK\/JjZzaJ2fj1ECMxvfq55zEGoHtjrQj2ssHXheJbFF9A9HMI9P+gso\/48eTLceXnriYJt3DVqNN497hURpCNMX5f5S7kpA2\/xT1i3k9dwgNw5uCMo24YhTsvZgyPi49FKAgcfRbEWxbx2nOrig3H73Bgd8eqbmBf2XYcDRFmte4tr9yDpAindBtB3X+o0CDPUxTpQN5UU1kzj9dXcRInA5obGxbZP3Mt\/z7mkmJxorbB+4P83emjHFIt2QYCA8v9jJLz\/m5HMHA08\/uujS7g7p9PjxANDff295yd7aJAFB0HakX440ss1u1GQCi9gfqJauEHsatZtYpjiLqnAr0CsPxnpmhrra1yc7W0e7u9v4GAhYkNDZKQlxSbGx0foaCnJqirLS2xNTS7Oz0\/wcDHRsjLTU3S0NdbW11d4uDnZujrbW3y83V0+3qgNpZLMjIwVXh2coe64u9xsjW+pAYLab\/yhm4ggH2DkGTIOUA+O1HvWt9fHAo33v34\/c7JUMiMdI5mn\/Gb0Nd62beRT1f03xwYjk+sIHhQDpJ1\/drt3h7xWPWY9dt+yrggyP7p\/szt3VvzcKn8WTUbBYVLlWyvu\/+14U3qOdFSwAZTZXHf0l\/R7+1tsfc7RMuqAyXAStf2kBco3nI\/UT0pxrA4xmgQMmXfpRgysHi7VTkpre3cAIMQ71V5tggJPI\/IFc0fwrvWIBJ1qFkusj7\/olDZrbFziBwemeXU400GIUmcbLbp6G707t+KJeQKzyT4zZWmOenRcBD77Y387R2GnKPASWFLfXTy7heYfatWj8nC4NB3oatJ9r3NUTDk7h0KkYasGVE9yvHx4yuQHLiVHG2lw4ux2EwdOrdxeJluyP2N7DPO4t\/m5wdfpdv08NT\/jXDCnODpKm2yyz8fwvs9yOuv\/zmgThOWj36hVvXb6frExTX2npcmftjD8GhJ8+nrltRA2V75Nf2R+PiKmfyXtfj5uhW7K76hvO8u4JVc\/RwlUunXnhvxWHzevY7Cju8JOM+ihQnNvtVUSkpEICbwM3VOfHLLDrjdTvN9Pez3reKp22\/2yTzPArufdZc4uctv90eSd3W\/c32jBWG91CWOHle9ycDglB23ZtZLG6N71CnB6db3xn+4I1Zk+b8X+\/Km1bGtp73kL+SggYBk05gHIdo\/ZtUmO289vTdod0r1K0NbsfVbwNkpW2+WJfHW7paLM38NOZcGrlJD+PH6byFhU22pOfNhwUwp5dny0VztJmYP8z7v7fznjSxOnMYYcGIhUARgI5\/\/oDANjC1szejML06tvI29yg7VW6BHXhXqbTdeF82IeydEWGxw3680Wm\/+Mrc3ZTgLXnfWM9d2bmagcnwuj5boLbbzVe4HZx8rExISjk\/kyyBLIbkjgCBzCoxNbRhF6YJAAwt+oIDCoOsp7bTEZUcnAlAQs3CcBuW6hvkB\/Qf+539Hn3zY8MFzK7Z73aV565flhH6Zl4KUiiD8ZZlkp6tq6zpvzs5yat22qu+7bQF5O18XnDkZ\/YfFGqt2dTKVzjKtYLdVodMlreT1drbaPsFhM5XD4Sq25XW21u9Gs2G31eHxMbfn9fX+AbwgDiLYI9\/cLFGmRmfrn71nrJR2gK0jH6y00g7GQv\/TBQ\/TXS9sTAsVSwMm4TagSVUPYKk16sbNStFQ3eYqdmr08xT7gqcOCmadGRgYTa0rNNCiuMTDOT7PVVinTdFtaItz4IhEWkr5e5OvZv+Rr\/9kJ39zMExTl3gtK76BkthHJKc+ER3bX58+hwFbVf+7v2eM+MCmCfAaB2stSK2UEQAwFHAZPtJYpgX8ByZxbYbgZRwr5MTzb
pOiGAWnyqy16UBgtHVbL6K0+Pd4BJBrbC62z9GL\/nDyux553bUidfT\/iTpBNiNs9l5ynYNNJqF8qqF24gOmO0+amrzRwlSRPi0jJ+0hPIVA8indNwFXk4DP4k2uwBW\/v+Oe80kFedV7\/5SDOvd1B6xQpAQvYBerEXA8av2MK4wDTK8shMjlHk7vsTQiTJs3OhNNCwU0jkXGp2t7xYN+7NKFFBAqFR1aeiJ3DFPacWwkevE+W6OOz45lC4PUf2zWFnQJ35O6\/OeG+nLZULOQtED9Nusw50hebtv7bBnp87nstCikrQfkG8fbFnnUIK8Oiew8WlEQc6sOKsC0GYnaEAb2FTgn+KsQDkBQSYyuAeB7cepmExety3IYmUU9dcjuclZ2Ooxyn3o7pGuKajq3MO76Jy8ekCwci3BoEE4PRTv\/jmfQEizO8\/1ly83ecos5SlFpyIHB4TKMcjYyJphR+yGodKQnSIjQ96fJ3Om9aWiSCmwVM47wNE8KQ7DCdnLOw4GpA0zbv3cT+LUdxXQb9G34MPlmVZprER6YI4lWZjZeqb16bSgJDqZROMoKDSkB68uqFhy6gaR+fkk5Fho9KKlm+1Z5j"} +00973{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184944,"flow_last_seen":1654385184969,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":8865,"flow_avg_l4_payload_len":2955,"midstream":1,"thread_ts_msec":1654385184969,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184982,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1654385184982,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_msec":1654385184982,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} +00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184982,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1654385184982,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2407,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385185015,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe
1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuvEt6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} +04442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2408,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_msec":1654385185015,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1
akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif
4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2408,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184982,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":1515,"midstream":1,"thread_ts_msec":1654385185015,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2427,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1654385184944,"flow_last_seen":1654385185026,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":5712,"flow_tot_l4_payload_len":109025,"flow_avg_l4_payload_len":3407,"midstream":1,"thread_ts_msec":1654385185026,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2503,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":1654385185166,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1654385185166,"pkt":"nLbQ0+MztKXvZygQCABFAADe9z5AACoGBubKmcQ1wKgCfgBQ5Ybmg6trug1byIAYAPOTtwAAAQEICkyTXI+9cmjoSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2504,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":1654385185942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1654385185942,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229374,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229374,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385229374,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUbkhAAEAGHefAqAJ+NB2xsZDsAFBe8J4SSC8RAoAQAfauuwAAAQEICgB7lmPzZF3LR0VUIC90cmFjaz9yaWQ9Zjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhJmltcGlkPTEmY2lkPTY1LTE0Mzg0NSZjcmlkPTY1LTI1MzY0MCZzcGlkPTg4ODEmcHJpPTMyOS42OSZjaD0xMDAwMSZjaHJpZD02MjliZWEyMGE0ZTU0MTAwMDFmMDFjN3gmY2hwcml0PTAmY2hzcGlkPTg4ODEmY2hwbGlkPTM5NjUmZHNwPTY1JmV4cD0xMDgwMCZiaWQ9Zjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhJTNBaGFnZ2xlci1taW50ZWdyYWwwMjEudXMtZS5lYzIubGlmdG9mZi5pbyZkcHJpbj0zMjkuNjkmZGNpZD0xNDM4NDUmZGNyaWQ9MjUzNjQwJmFkbT1hemFybGl2ZS5jb20mYmRsPWNvbS5hemFybGl2ZS5hbmRyb2lkJmFkdD0xMiZ3PTQ4MCZoPTMyMCZ0cGlkPTEmYXBwaWQ9MzI0NTYmYXBwdj0yLjguMi4xJnBsZj0xJmR0PTQmZGI9Z29vZ2xlJmRtPXNka19ncGhvbmVfeDg2Jm53PTImb3M9YW5kcm9pZCZvc3Y9MTEmYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZhaWRtPTdhOWNkYjk3NWIzZTA4ZDJiMGM0MjhjZDQ2MmRhM2ZkJmFpZHM9MzZjMDgwZjFiOWFhNTYzODAxYzk2N2M3MGQyMDIwY2E4ZWU2YjZiYiZ1YT1Nb3ppbGxhJTJGNS4wKyUyOExpbnV4JTNCK0FuZHJvaWQrMTElM0Irc2RrX2dwaG9uZV94ODYrQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0Ird3YlMjkrQXBw
bGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStWZXJzaW9uJTJGNC4wK0Nocm9tZSUyRjgzLjAuNDEwMy4xMDYrTW9iaWxlK1NhZmFyaSUyRjUzNy4zNiZpcD05Mi4yMTkuNDAuMjM1JmV4dD1RYjZOU0NKZkpTNHElMkJZRGZNcmxEVkxqZ2pvbTVKUEZDJTJGV0hPY1VhV1F2dUI3MUoxZks0TEhNU3d3WDlldjN4Q2lxSUFJODUwUXpseXFmbXhqNTMxalJ0eUljRkwzaVdmeEZCbFNYUmdBc05uR3N3enVucFl1d2tzREVlOUFmSFVObDJxazk1QXd0JTJCeWplbiUyQmRUZEo2UEolMkZ4WjFUalBlb3BxNEdiNWdxNG1weDhSOEYwdEtZJTJGdGRja283ckF2eGJFVFRPZUpYTiUyRiUyQnRoM3N6eEVsREhHMG1zU3QlMkJOcU1OUHNDZ0lsaVB6NkgxbWltQXh6czlXemRSNU5ZUjM3RWQ2SjZjTUxSQzFGd3ZsdHlLVjFZdmlMZGJyRlBTR2lTMjhodmpCM21pJTJCdDlCcmYlMkI5JTJCa2ZSJTJGMEpTVUtTUlFKTE9DOTJwJTJGUzJLRWw0MEJRcjhiUmUxQXhjQ0R1bHFHYXpHZXI5ZEFxZzNjc1ZQNWg5VDlzaXZRVGZhU1g4TTBKQmpab2dyMW1VQkFWODBqRXBRbEg1UEVhMDRsYU93OXNrRnVQYXdZcmFCSnA4cDRpN3Fub1J2blc2dWxlTmtEM2tYalFPSmhuZmhBV1ZuOSUyRkMlMkY4bGxZMUF2VU1xaFA3b2ZzVjQxME51SHglMkY5MkE5d3glMkZENUxXVnhCeU5HdTRMeE1QaFlOYVV5TTAxa2FQWG5rRjloRWtoNFBraVVXT1ZJWTYxcGdiNGpmZ0gmdHM9MTY1NDM4NTE4NCZzZGt2cj1tYWxfOC43LjQm"} +00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229374,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229374,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1654385229374,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229375,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1654385229375,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_msec":1654385229375,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\/w14AYAfYX4gAAAQEIChlnEfkPV8RGR0VUIC9vbmx5SW1wcmVzc2lvbj9rPTYyOWJlYTIwYTRlNTQxMDAwMWYwMWM3eCZtcD1mVVJQRHI1dGlVU3RmN1YyZmFqTWlhdmVIVXZlREFKOTZhaVBmVTVJaUFSVGZuSElHYWw5aSUyQk1lZmJNTTZqeGM2YVJBR2F4SWklMkJNUGZkTWVpJTJCZXdEa2U2R285YldVeElpMDk5V1VSJTJGaSUyQmVnWUZLZ1k3NUloRng4JTJCRkpNTDdLJTJGSDVLOUdhSElpbmhQZmRsZWlhbE02YXpJSGtQSUclMkJlSUduUiUyRmlValBXVU5NV1VSQWYlMkJlSWlCOWVpVWolMkZpVVJUV1VoQTZkZUlEVVFRaVVsYmZBREFmbngzaVVWUEglMkJNMkRraUZEblNySDBUOUhhajlXbk5iRHJpd0RuM01pMFRCR2FqQkRGRE1EQVIyaWs1STZhak1pZ01CaWRNZTZhU0lpbmgxR1VjSTY3S01Ia1B0aDdRSTY3Y2JoRkg4TEF0QTZhU0k0QnpVTG9SMWludk1pYWpzUnJ4QWg3UTNSVUVGZlpNMERGUTNSVUUwaW5OQUdhTjJSME0wRGt4d1JVdVlScmMxRCUyQnpzTCUyQkhRV3JmWFlaekpXb3owSG9SMVJyZlhZWlB0NHJjQlk3UUZIWlB0WXJ4QllGUTNSME0waGR6dURGNTZMazkwR1VpQkdaOUZHblJBV296TWhyUVVINUtYSiUyQk4wR1VpQkdaOUZHblJBV296dWgyS0VEMFIxaW9NMGhkenVERjU2aHJjYlJVRUFpVTMlMkZmVTNCaUJNMEo3YzlSVUVlV296ckRrd1FSVUVlV296dEprZlRMa0slMkZSVUVlV296dEhRS1REJTJCbDBHVWlCR1o5RkduUkFXb3pNaHJRVUg1S0JIMFIxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKb1IxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKN2owR1VpQkdaOUZHblJBV296cmhkenVERlYwR1VpJTJGaVUzRkduUkFXb3p0SmRRTUhaUjFpWk0wTDdEMEdVdnNSZ2ZRRDJLTWhyUVVIWlIxaVVWTVdvelVKJTJCekJIa1BVNFpSMVJRNW54b1JzUmd6VERraDBHZ3MwSjdIc1liaDBHMHpyZlpSc1JneEVIazJ1aEJSMVJyS1RMNzVCaEJ6S1dvekFEZ3h0SEJSMVIzUndIZGZNVzV4WlJnMklpZGVJNmRlSTZkTWI2YVJiaW5SZTZhU0k2ZHMwWXI1VEhCUjFSMHpLNmF2JTNEIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4
wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGRlMDEucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229375,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1654385229375,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"de01.rayjump.com","url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) 
AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_last_seen":1654385229376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_msec":1654385229376,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229377,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229377,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385229377,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUXuxAAEAGw2jAqAJ+I5wsDaZGAFB7fWmugsWKk4AQAfYYlgAAAQEIChlnEfsPV8RHR0VUIC9pbXByZXNzaW9uP2s9NjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4Jm1wPWZVUlBEcjV0aVVTdGY3VjJmYWpNaWF2ZUhVdmVEQUo5NmFpUGZVNUlpQVJUZm5ISUdhbDlpJTJCTWVmYk1lZkFFZUduM1RmYWlGZm5SUEduRWU2anhjNmFSQUdheElpJTJCTVBmZE1laSUyQmV3RGtlNkdvOWJXVXhJaTA5OVdVUiUyRmklMkJlZ1lGS2dZNzVJaEZ4OCUyQkZKTUw3SyUyRkg1SzlHYUhJaW5oUGZkbGVpYWxNNmF6SUhrUElHJTJCZUlHblIlMkZpVWpQV1VOTVdVUkFmJTJCZUlpQjllaVVqJTJGaVVSVFdVaEE2ZGVJRFVRUWlVbGJmQURBZm54M2lVVlBIJTJCTTJEa2lGRG5TckgwVDlIYWo5V25OYkRyaXdEbjNNaTBUQkdhakJERkRNREFSMmlrNUk2YWpNaWdNQmlkTWU2YVNJaW5oMUdVZkk2N0tNSGtQdGg3UUk2N2NiaEZIOExBdEE2ZHMwSjc1d2hqUTNSVXVPUlUzTWZvUjFpJTJCMks2ZHMwREZsMEdVak1pYXZlV296M2hiU3VIb1IxZlVWc1JyZnVIb1IxUlVqVGlBbFRmWlJzUnJjM1laUjFrQnp0NHJjQlk3UUZIWlBVWUZUMCUyQlpNMERyTjBHMHpVWUZUJTJGRCUyQnV0aHJldUpyViUyRkRrUDNockt1SG9Sc1JnU0JMa2ZRJTJCRlElMkZSVUVBaVUzJTJGZlUzQmlCTTBoZHp1REY1NlliNVRSVUVBaVUzJTJGZlUzQmlCTTBMJTJCZjZMN1IwR1V2c1JnU0JMa2ZRJTJCYnp0SkJSMWlBUlBXVURQaVVpc1JneHQ0b1IxaVpNMEhyYzhIWlIxaVpNMEQlMkI1VUo3UVhZMFIxaVpNMERrSDZKN2M5UlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZockQwR1VpQkdaOUZHblJBV296TWhyUVVINUtCSGdOMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhneHRSVUVBaVUzJTJGZlUzQmlCTTBIZ1NCTGtmUVJVRUFXVVJQZlUzQmlCTTBEJTJCeFBoN1YwR1Vqc1JydHJSVUVNV296QUhrZjZoZHp1REZWMEdVUjJpb00wRGI1QmhyNSUyRkRiMzBHMHo1VlROMFdvekJKN2NnUlV1T1JneHJZN0tiUlVFMEhVVjBXb3pUTDc1d0wlMkJpMEcwelhKN3RRaGdpMDZaTTBoRnpURGtoMEcwem9Xa3hBaG8yVlYweks2YVNJNmRlSTZkZU9ScjVVSGROMEdVakFpYVJzUnJ4QWhjS1VoclEzUlVFZWZhUkZHbmxNaWEzOVdvelRERnhUUlVFMDQyTTBZJTJCSDZMZFEwTCUyQnozJTJCRnglMkZoMk0wR1VScyUyQm96TVlqeCUyRmgyTTBHVWNLUjBNMEo3d1VZMFIxaW9N
MEpyUTMlMkJGSFVSVUVlV296dEhkZk1Ea2ZRJTJCYnhQaDdWMEdVdnNScjJ0Sjc1QkxrY3MlMkJieFBoN1YwR1V2c1JyUUYlMkJieE1ZY0tUUlVFTVdvelRoN3hUSm9SMWlvTTBERnglMkYlMkJieDNEa3pUUlVFMERuajA2JTJCTWI2YVJiaW5SZTZhU0k2ZHMwWXI1VEhCUjFSMHpLNmFSJTNEIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vj"} +00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229377,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229377,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1654385229377,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229378,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"flow_min_l4_payload_len":1249,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1249,"flow_avg_l4_payload_len":1249,"midstream":1,"thread_ts_msec":1654385229378,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_msec":1654385229378,"pkt":"tKXvZygQnLbQ0+MzCABFAAUV94ZAAEAGGcTAqAJ+EkBPMqPUAFBRMOE7Lwf8VoAYAfYpoAAAAQEICgCrWABx+rveR0VUIC9hZC9sb2cvcGxheT9rPTYyOWJlYTIwYTRlNTQxMDAwMWYwMWM3eCZtcD1mVVJQRHI1dGlVU3RmN1YyZmFqTWlhdmVIVXZlREFKOTZhaVBmVTVJaUFSVGZuSElHYWw5aSUyQk1lZmJNZWZBRWVHbjNUZmFpRmZuUlBHbkVlNmp4YzZhUkFHYXhJaSUyQk1QZmRNZWklMkJld0RrZTZHbzliV1V4SWkwOTlXVVIlMkZpJTJCZWdZRktnWTc1SWhGeDglMkJGSk1MN0slMkZINUs5R2FISWluaFBmZGxlaWFsTTZheklIa1BJRyUyQmVJaWRNTTZhU0k2ZGUwR2tWQkdhaGJmVWkyZjdOQmZuUVE2YTV0REFIdGk3SHJXbnQzaW5sd2ZhSjBEQjJ0R252QlduUjlpbnpVSFVTVWlVVmVIJTJCZUlpbnZCNmFSTTZhY0lpZE1lZkFFMWliZUlZYlNRWXJjTUwlMkJlSTZhU0k0QnpVTG9SMWludk1pYWpzUnJ4QWg3UTNSVUVGZlpNMERGUTNSVUUwaW5OQUdhTjJSME0wRGt4d1JVdVlScmMxRCUyQnpzTCUyQkhRV3JmWFlaekpXb3owSG9SMVJyZlhZWlB0NHJjQlk3UUZIWlB0WXJ4QllGUTNSME0waGR6dURGNTZMazkwR1VpQkdaOUZHblJBV296TWhyUVVINUtYSiUyQk4wR1VpQkdaOUZHblJBV296dWgyS0VEMFIxaW9NMGhkenVERjU2aHJjYlJVRUFpVTMlMkZmVTNCaUJNMEo3YzlSVUVlV296ckRrd1FSVUVlV296dEprZlRMa0slMkZSVUVlV296dEhRS1REJTJCbDBHVWlCR1o5RkduUkFXb3pNaHJRVUg1S0JIMFIxaUFSUFdVRFBpVWlzUmdTQkxrZlElMk
JienJKb1IxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKN2owR1VpQkdaOUZHblJBV296cmhkenVERlYwR1VpJTJGaVUzRkduUkFXb3p0SmRRTUhaUjFpWk0wTDdEMEdVdnNSZ2ZRRDJLTWhyUVVIWlIxaVVWTVdvelVKJTJCekJIa1BVNFpSMVJRNW54b1JzUmd6VERraDBHZ3MwSjdIc1liaDBHMHpyZlpSc1JneEVIazJ1aEJSMVJyS1RMNzVCaEJ6S1dvekFEZ3h0SEJSMVIzUndIZGZNVzV4WlJnMklpZGVJNmRlSTZkTWImdHlwZT1yZXdhcmRfdmlkZW8ma2V5PXBsYXlfcGVyY2VudGFnZSZyYXRlPTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogdGtuZXQtY2RuLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229378,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"flow_min_l4_payload_len":1249,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1249,"flow_avg_l4_payload_len":1249,"midstream":1,"thread_ts_msec":1654385229378,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"tknet-cdn.rayjump.com","url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_last_seen":1654385229379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1654385229379,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+00701{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385229377,"flow_last_seen":1654385229379,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":524,"midstream":1,"thread_ts_msec":1654385229379,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"de01.rayjump.com"}} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2513,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_last_seen":1654385229398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1654385229398,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 
+00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1654385229413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_msec":1654385229413,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\/xWUTDmHIAYAIZNHwAAAQEICnH6vA0Aq1gASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KU2VydmVyOiBuZ2lueA0KWC1DYWNoZTogTWlzcyBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIDllZTEwNzRiNmQ3MTc5ODM1NWM2OTVmYjI2YzIxNDUyLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGw1MmRLamp6ZDlDOF9Pc21pX3RnMHVfSnVTMjUxV2JObG5SV0NiLWpKSDlQVldSQ25pWG14UT09DQoNCjE="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229450,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385229450,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_msec":1654385229450,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\/kGG+7dfu6R0VUIC9taW50ZWdyYWwvYmVhY29uP2FkX2dyb3VwX2lkPTE0Mzg0NSZjaGFubmVsX2lkPTExNyZjcmVhdGl2ZV9pZD0yNTM2NDAmYXVjdGlvbl9pZD1mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGEmb3JpZ2luPWhhZ2dsZXItbWludGVncmFsMDIxIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGltcHJlc3Npb24tZWFzdC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229450,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385229450,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"impression-east.liftoff.io","url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; 
Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229460,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"flow_min_l4_payload_len":694,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":694,"midstream":1,"thread_ts_msec":1654385229460,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_msec":1654385229460,"pkt":"tKXvZygQnLbQ0+MzCABFAALqaatAAEAGLEjAqAJ+EuvMCZ0MAFCRGad0Zg9EgYAYAfak9wAAAQEICqWNW0ubSFulR0VUIC9ldmVudC92YXN0L3N0YXJ0LzU3YWE4MENPWGpDQklrWmpnMFpqVTBZbVl0TXpGalpDMDBNMlptTFdKa01qY3ROVEkyWTJOak5qUTFOMlJoR0lDYXFvaVRNQ0IxS01pOUR6Q2lFRG9iWTI5dExuTmpaVzVsZDJGNUxtdGhibXRoYmk1dFlYSnJaWFF6UWhob1lYZHJaWEl0Y21WdVpHVnlhVzVuTFdOdmJuUnliMnhLQ21RNE1USTVZbVkxWlRSUUFsb0RSRVZWWUFKb0JISUpkWE10WldGemRDMHg0QUVCZ0FGMWtnRUNaVzZZQVFLaEFRQUFBQUFBQUxBX3FnRUlNVEk0TUhnM01qQ3lBUTFGYm5SbGNuUmhhVzV0Wlc1MHVnRWNVU0JXYVdSbGJ5MU5iM1pwWlhNZ1lXNWtJRlJXSUhObGNtbGxjOElCR1haaGMzUXROREk0TURWa016TmhOVEJoTmpJeFpERTRORFBLQVFFQjBnRUZNRFF6TVRmYUFRVjJhV1JsYnc\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUv
ODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01362{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229460,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"flow_min_l4_payload_len":694,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":694,"midstream":1,"thread_ts_msec":1654385229460,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"adexp.liftoff.io","url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1654385229557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1654385229557,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} +00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2523,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1654385229568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1654385229568,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
+02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":3,"flow_last_seen":1654385231913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385231913,"pkt":"tKXvZygQnLbQ0+MzCABFAAXU7FhAAEAGNfzAqAJ+I5wsDaY6AFDzNbM3O3\/xc4AQAfUYlgAAAQEIChlnG+IPV8RmR0VUIC9jbGljaz9rPTYyOWJlYTIwYTRlNTQxMDAwMWYwMWM3eCZtcD1mVVJQRHI1dGlVU3RmN1YyZmFqTWlhdmVIVXZlREFKOTZhaVBmVTVJaUFSVGZuSElHYWw5aSUyQk1lZmJNZWZBRWVHbjNUZmFpRmZuUlBHbkVlNmp4YzZhUkFHYXhJaSUyQk1QZmRNZWklMkJld0RrZTZHbzliV1V4SWkwOTlXVVIlMkZpJTJCZWdZRktnWTc1SWhGeDglMkJGSk1MN0slMkZINUs5R2FISWluaFBmZGxlaWFsTTZheklIa1BJRyUyQmVJR25SJTJGaVVqUFdVTk1XVVJBZiUyQmVJaUI5ZWlVaiUyRmlVUlRXVWhBNmRlSURVUVFpVWxiZkFEQWZueDNpVVZQSCUyQk0yRGtpRkRuU3JIMFQ5SGFqOVduTmJEcml3RG4zTWkwVEJHYWpCREZETURBUjJpazVJNmFqTWlnTUJpZE1lNmFTSWluaDFHVWZJNjdLTUhrUHRoN1FJNjdjYmhGSDhMQXRBNmRzMEo3NXdoalEzUlV1T1JVM01mb1IxaSUyQjJLNmRzMERGbDBHVWpNaWF2ZVdvejNoYlN1SG9SMWZVVnNScmZ1SG9SMVJValRpQWxUZlpSc1JyYzNZWlIxa0J6dDRyY0JZN1FGSFpQVVlGVDAlMkJaTTBEck4wRzB6VVlGVCUyRkQlMkJ1dGhyZXVKclYlMkZEa1AzaHJLdUhvUnNSZ1NCTGtmUSUyQkZRJTJGUlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZZYjVUUlVFQWlVMyUyRmZVM0JpQk0wTCUyQmY2TDdSMEdVdnNSZ1NCTGtmUSUyQmJ6dEpCUjFpQVJQV1VEUGlVaXNSZ3h0NG9SMWlaTTBIcmM4SFpSMWlaTTBEJTJCNVVKN1FYWTBSMWlaTTBEa0g2SjdjOVJVRUFpVTMlMkZmVTNCaUJNMGhkenVERjU2aHJEMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhnTjBHVWlCR1o5RkduUkFXb3pNaHJRVUg1S0JIZ3h0UlVFQWlVMyUyRmZVM0JpQk0wSGdTQkxrZlFSVUVBV1VSUGZVM0JpQk0wRCUyQnhQaDdWMEdVanNScnRyUlVFTVdvekFIa2Y2aGR6dURGVjBHVVIyaW9NMERiNUJocjUlMkZEYjMwRzB6NVZUTjBXb3pCSjdjZ1JVdU9SZ3hyWTdLYlJVRTBIVVYwV296VEw3NXdMJTJCaTBHMHpYSjd0UWhnaTA2Wk0waEZ6VERraDBHMHpvV2t4QWhvMlZWMHpLNmFTSTZkZUk2ZGVPUnI1VUhkTjBHVWpBaWFSc1JyeEFoY0tVaHJRM1JVRWVmYVJGR25sTWlhMzlXb3pUREZ4VFJVRTA0Mk0wWSUyQkg2TGRRMEwlMkJ6MyUyQkZ4JTJGaDJNMEdVUnMlMkJvek1ZanglMkZoMk0wR1VjS1IwTTBKN3dVWTBSMWlvTTBKclE
zJTJCRkhVUlVFZVdvenRIZGZNRGtmUSUyQmJ4UGg3VjBHVXZzUnIydEo3NUJMa2NzJTJCYnhQaDdWMEdVdnNSclFGJTJCYnhNWWNLVFJVRU1Xb3pUaDd4VEpvUjFpb00wREZ4JTJGJTJCYngzRGt6VFJVRTBEbmowNiUyQk1iNmFSYmluUmU2YVNJNmRzMFlyNVRIQlIxUjB6SzZhUiUzRCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBW"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232006,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":559,"flow_tot_l4_payload_len":559,"flow_avg_l4_payload_len":559,"midstream":1,"thread_ts_msec":1654385232006,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1654385232006,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\/aWQ9Y29tLmF6YXJsaXZlLmFuZHJvaWQmcmVmZXJyZXI9YWRqdXN0X2V4dGVybmFsX2NsaWNrX2lkJTNEdi4yX2cuMTQzODQ1X2EuZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhX2MuMTE3X3QudWFfdS5lN2RmODcyNDdjYmNlYTEzJTI2dXRtX2NhbXBhaWduJTNEVGVzdCUyQkNhbXBhaWduJTI2dXRtX2NvbnRlbnQlM0RUZXN0JTJCU291cmNlJTJCQXBwXzEyMzQ1Njc4OSUyNnV0bV9zb3VyY2UlM0RMaWZ0b2ZmJTI2dXRtX3Rlcm0lM0RUZXN0JTJCQ3JlYXRpdmUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVX
ZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogcGxheS5nb29nbGUuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232006,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":559,"flow_tot_l4_payload_len":559,"flow_avg_l4_payload_len":559,"midstream":1,"thread_ts_msec":1654385232006,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"play.google.com","url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232040,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"flow_min_l4_payload_len":927,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":927,"flow_avg_l4_payload_len":927,"midstream":1,"thread_ts_msec":1654385232040,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_msec":1654385232040,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\/9zk9FXV4AYAfaIrAAAAQEICpYlZ45PQpgXR0VUIC92MS9jYW1wYWlnbl9jbGljay9kZGZXYlgtY19acElGXzN3RS1YZ0pTd1JKUG5fNU9wUzlJUjZYNFhHOTFYUUw2c3NSTFY0UVBMU0VRZ1d5UmJQX09BSFhHcC0zejh6S3hkUmpMLUJUNmg3ejQ2ejRxbUFXeFI1RGJvRWhyMUR5dFk0VzVnZlFMVWNWNnlFM1BPUjdQclFsclZiVnRILTd1VzFvaWUtamtSNG5hR0hUVlZIS3Y1a0ZYQko5eVRJWC1KbmdhRTJNTVRFUjFIdUJ4OXFUbHlMaGlaQ3RXU1VTdjRaZTV6NFF1R3FqV2lqRDBRQmdBbzAwV3RqNFZxUXlwekNob19wLVV6T3JWRjh3WDlMbXlzb1ozMjAyeHQtMVJsbUJOWGRkSF9pX2V2TzV5WkdwT3ZHOGt0ZGlLZmhHN2NkZFpUUjZvNWx5UjE1d1ktU0pUU00zZmZyNGRzcFZTRng2WGRuWGdmVXR4WTgwc3BJOXRtRk1oVDk3S1NDNGNNa1J2LUF5TkxXaERhRDMzV0NwVTdITi1WblR1TTB6bDRXUU1uYS1BVkJrMUhvMHZoVHo1WkJVMzJPaFRmOXVBa0dOeHVOajV3NUlmZzFHbk13WnhLaXM4SjNaNlo1bXRjN2dpcmUwZVFlRFE3ZWh0Q01GTHMwTTFhWEdFOG1IaG9BTmdfdzBBaHg0M011N3p2RFhTQ3RoSDhENFFoSGFXb1JTdUdVZ2ZCRFlMenJEOExYejZxSElMb1FOamo4aWVSQkxmSDIyVWV3VkxnTUY3ZHFoWGdsNzNWcWdVMV9jdS1HSWZzYkJtOTB6aGZkOWVvbzhyUWZkSkYyeGN6cXZyUXo2LUk0RkE\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTG
ludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232040,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"flow_min_l4_payload_len":927,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":927,"flow_avg_l4_payload_len":927,"midstream":1,"thread_ts_msec":1654385232040,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"click.liftoff.io","url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1654385232057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_msec":1654385232057,"pkt":"nLbQ0+MztKXvZygQCABFAALQp5AAAHsGFQqs2RCOwKgCfgBQ0KgyOulwVgMWtYAYAQXuwwAAAQEICvP9QcDlixteSFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2JpbmFyeQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtYXgtYWdlPTAsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KRXhwaXJlczogTW9uLCAwMSBKYW4gMTk5MCAwMDowMDowMCBHTVQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpMb2NhdGlvbjogaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vc3RvcmUvYXBwcy9kZXRhaWxzP2lkPWNvbS5hemFybGl2ZS5hbmRyb2lkJnJlZmVycmVyPWFkanVzdF9leHRlcm5hbF9jbGlja19pZCUzRHYuMl9nLjE0Mzg0NV9hLmY4NGY1NGJmLTMxY2QtNDNmZi1iZDI3LTUyNmNjYzY0NTdkYV9jLjExN190LnVhX3UuZTdkZjg3MjQ3Y2JjZWExMyUyNnV0bV9jYW1wYWlnbiUzRFRlc3QlMkJDYW1wYWlnbiUyNnV0bV9jb250ZW50JTNEVGVzdCUyQlNvdXJjZSUyQkFwcF8xMjM0NTY3ODklMjZ1dG1fc291cmNlJTNETGlmdG9mZiUyNnV0bV90ZXJtJTNEVGVzdCUyQkNyZWF0aXZlDQpTZXJ2ZXI6IEVTRg0KQ29udGVudC1MZW5ndGg6IDANClgtWFNTLVByb3RlY3Rpb246IDANClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KDQo="} 
+01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1654385232085,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_msec":1654385232085,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5NAAPUGSvMDer5GwKgCfgBQgRKT0VdXkWADEoAYAHGvxgAAAQEICk9CmDyWJWeOSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KU2V0LUNvb2tpZTogQVdTQUxCPWdzUk5HU1NhK09YcDJjZTBNNk51U0FjaTJXM3JYSFVtcXNKcnFZNkdFcGtsTUNzaEc2bnU5Y0l6eS9iQXJIU0NPeElRL0ZneTJrZDFNY0RyZVMwQ0d3S2Y0NlJRbERuL2JnMXFELzJWSitGYnJ4U1NNU2RCQ1lKV1N2cms7IEV4cGlyZXM9U2F0LCAxMSBKdW4gMjAyMiAyMzoyNzoxMiBHTVQ7IFBhdGg9Lw0KU2V0LUNvb2tpZTogQVdTQUxCQ09SUz1nc1JOR1NTYStPWHAyY2UwTTZOdVNBY2kyVzNyWEhVbXFzSnJxWTZHRXBrbE1Dc2hHNm51OWNJenkvYkFySFNDT3hJUS9GZ3kya2QxTWNEcmVTMENHd0tmNDZSUWxEbi9iZzFxRC8yVkorRmJyeFNTTVNkQkNZSldTdnJrOyBFeHBpcmVzPVNhdCwgMTEgSnVuIDIwMjIgMjM6Mjc6MTIgR01UOyBQYXRoPS87IFNhbWVTaXRlPU5vbmUNCg0KiVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+P+\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232158,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1654385232158,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1654385232158,"pkt":"tKXvZygQnLbQ0+MzCABFAAElDRhAAEAG8E3AqAJ+CNFwdopiAFAUf4ZSerS+DlAYAfY9hQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDIxOTkNCkhvc3Q6IGFuYWx5dGljcy5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJTEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} +00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232158,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1654385232158,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"analytics.rayjump.com","url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1654385232158,"pkt":"tKXvZygQnLbQ0+MzCABFAAXMDRlAAEAG66XAqAJ+CNFwdopiAFAUf4dPerS+DlAQAfZCLAAAcGxhdGZvcm09MSZvc192ZXJzaW9uPTMwJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZvcmllbnRhdGlvbj0yJmJyYW5kPWdvb2dsZSZtb2RlbD1zZGtfZ3Bob25lX3g4NiZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyNTJCMDElMjUzQTAwJnVhPU1vemlsbGElMjUyRjUuMCUyQiUyNTI4TGludXglMjUzQiUyQkFuZHJvaWQlMkIxMSUyNTNCJTJCc2RrX2dwaG9uZV94ODYlMkJCdWlsZCUyNTJGUlNSMS4yMDEwMTMuMDAxJTI1M0IlMkJ3diUyNTI5JTJCQXBwbGVXZWJLaXQlMjUyRjUzNy4zNiUyQiUyNTI4S0hUTUwlMjUyQyUyQmxpa2UlMkJHZWNrbyUyNTI5JTJCVmVyc2lvbiUyNTJGNC4wJTJCQ2hyb21lJTI1MkY4My4wLjQxMDMuMTA2JTJCTW9iaWxlJTJCU2FmYXJpJTI1MkY1MzcuMzYmc2RrX3ZlcnNpb249TUFMXzguNy40JmdwX3ZlcnNpb249MjIuNC4yNS0yMSUyQiUyNTVCMCUyNTVEJTJCJTI1NUJQUiUyNTVEJTJCMzM3OTU5NDA1Jmdwc3Y9MTI0NTEwMDAmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmR2aT00Qnp0WXJ4QllGUTMlMkJGUTNSVUUwRFVRUWlVbGJmQURBZm54M2lVVlBIWnpLJmFwcF9pZD0zMjQ1NiZkYXRhPXJpZCUyNTNENjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4JTI1MjZuZXR3b3JrX3R5cGUlMjUzRDklMjUyNm5ldHdvcmtfc3RyJTI1M0QlMjUyNmNpZCUyNTNEMTk5NDQzNjUyOTklMjUyNmNsaWNrX3R5cGUlMjUzRDElMjUyNnR5cGUlMjUzRDElMjUyNmNsaWNrX2R1cmF0aW9uJTI1M0QxNjUlMjUyNmtleSUyNTNEMjAwMDAxMyUyNTI2dW5pdF9pZCUyNTNEODg4MSUyNTI2bGFzdF91cmwlMjUzRGh0dHBzJTI1MjUzQSUyNTI1MkYlMjUyNTJGcGxheS5nb29nbGUuY29tJTI1MjUyRnN0b3JlJTI1MjUyRmFwcHMlMjUyNTJGZGV0YWlscyUyNTI1M0ZpZCUyNTI1M0Rjb20uYXphcmxpdmUuYW5kcm9pZCUyNTI1MjZyZWZlcnJlciUyNTI1M0RhZGp1c3RfZXh0ZXJuYWxfY2xpY2tfaWQlMjUyNTI1M0R2LjJfZy4xNDM4NDVfYS5mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGFfYy4xMTdfdC51YV91LmU3ZGY4
NzI0N2NiY2VhMTMlMjUyNTI1MjZ1dG1fY2FtcGFpZ24lMjUyNTI1M0RUZXN0JTI1MjUyNTJCQ2FtcGFpZ24lMjUyNTI1MjZ1dG1fY29udGVudCUyNTI1MjUzRFRlc3QlMjUyNTI1MkJTb3VyY2UlMjUyNTI1MkJBcHBfMTIzNDU2Nzg5JTI1MjUyNTI2dXRtX3NvdXJjZSUyNTI1MjUzRExpZnRvZmYlMjUyNTI1MjZ1dG1fdGVybSUyNTI1MjUzRFRlc3QlMjUyNTI1MkJDcmVhdGl2ZSUyNTI2Y29udGVudCUyNTNEbnVsbCUyNTI2Y29kZSUyNTNEMzAxJTI1MjZleGNlcHRpb24lMjUzRG51bGwlMjUyNmhlYWRlciUyNQ=="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1654385232158,"pkt":"tKXvZygQnLbQ0+MzCABFAAA4DRpAAEAG8TjAqAJ+CNFwdopiAFAUf4zzerS+DlAYAfY8mAAAM0RzdGF0dXNDb2RlJTI1Mg=="} +01707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1654385234215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_msec":1654385234215,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5hAAEAGlqbAqAJ+A3q+RoESAFCRYAMSk9FZrYAYAfWIrAAAAQEICpYlcA1PQpg8R0VUIC92MS9jYW1wYWlnbl9jbGljay9kZGZXYlgtY19acElGXzN3RS1YZ0pTd1JKUG5fNU9wUzlJUjZYNFhHOTFYUUw2c3NSTFY0UVBMU0VRZ1d5UmJQX09BSFhHcC0zejh6S3hkUmpMLUJUNmg3ejQ2ejRxbUFXeFI1RGJvRWhyMUR5dFk0VzVnZlFMVWNWNnlFM1BPUjdQclFsclZiVnRILTd1VzFvaWUtamtSNG5hR0hUVlZIS3Y1a0ZYQko5eVRJWC1KbmdhRTJNTVRFUjFIdUJ4OXFUbHlMaGlaQ3RXU1VTdjRaZTV6NFF1R3FqV2lqRDBRQmdBbzAwV3RqNFZxUXlwekNob19wLVV6T3JWRjh3WDlMbXlzb1ozMjAyeHQtMVJsbUJOWGRkSF9pX2V2TzV5WkdwT3ZHOGt0ZGlLZmhHN2NkZFpUUjZvNWx5UjE1d1ktU0pUU00zZmZyNGRzcFZTRng2WGRuWGdmVXR4WTgwc3BJOXRtRk1oVDk3S1NDNGNNa1J2LUF5TkxXaERhRDMzV0NwVTdITi1WblR1TTB6bDRXUU1uYS1BVkJrMUhvMHZoVHo1WkJVMzJPaFRmOXVBa0dOeHVOajV3NUlmZzFHbk13WnhLaXM4SjNaNlo1bXRjN2dpcmU
wZVFlRFE3ZWh0Q01GTHMwTTFhWEdFOG1IaG9BTmdfdzBBaHg0M011N3p2RFhTQ3RoSDhENFFoSGFXb1JTdUdVZ2ZCRFlMenJEOExYejZxSElMb1FOamo4aWVSQkxmSDIyVWV3VkxnTUY3ZHFoWGdsNzNWcWdVMV9jdS1HSWZzYkJtOTB6aGZkOWVvbzhyUWZkSkYyeGN6cXZyUXo2LUk0RkE\/dmFzdF9lbD0yIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385235892,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"flow_min_l4_payload_len":1229,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1229,"flow_avg_l4_payload_len":1229,"midstream":1,"thread_ts_msec":1654385235892,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_msec":1654385235892,"pkt":"tKXvZygQnLbQ0+MzCABFAAUBYktAAEAGrwXAqAJ+EkBPQMnmAFARWCNCXMPM5oAYAfYpmgAAAQEICr8GCEOu2uHSR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0zJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmZGlzcGxheV9jaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmV4Y2x1ZGVfaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmFkX3NvdXJjZV9pZD0xJnNlc3Npb25faWQ9NjI5YmVhMjBhNGU1NDEwMDAxMGYwMWM4JmFkX3R5cGU9OTQmb2Zmc2V0PTAmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0xJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTEwODB4MTc5NCZpc19jbGV2ZXI9MiZ2ZXJzaW9uX2ZsYWc9MSZjYWNoZTE9NjI0MCZjYWNoZTI9NTM2NSZwb3dlcl9yYXRlPTEwMCZjaGFyZ2luZz0wJnN1Yl9pcD0xMC4wLjIuMTYmZHZpPTRCenRZcnhCWUZRMyUyQkZRM1JVRTBEVVFRaVVsYmZBREFmbngzaVVWUEhaUnNScmZ1SG9SMVJVdjA2TiUzRCUzRCZhcGlfdmVyc2lvbj0xLjMgSFRUUC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBuZXQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAt
QWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +01877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385235892,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"flow_min_l4_payload_len":1229,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1229,"flow_avg_l4_payload_len":1229,"midstream":1,"thread_ts_msec":1654385235892,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 
1.4)"}} +01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1654385236487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_msec":1654385236487,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\/BghDSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDQ0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTYgR01UDQpTZXJ2ZXI6IG5naW54DQpYLUNhY2hlOiBNaXNzIGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgMzU4ODU2ODkyOGU2NzdjZTliYjhhZWRmZDZlMGVhMDQuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAyDQpYLUFtei1DZi1JZDogY2VuanJZVHJpT2oyRy1QM1B6ZmY1cVZCSjFWOTVFbE85YnIxc1FvWUxYYll1U2VfeVBIYnZBPT0NCg0KeyJzdGF0dXMiOi0xLCJtc2ciOiJFWENFUFRJT05fUkVUVVJOX0VNUFRZIn0="} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1654385140779,"flow_last_seen":1654385145113,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":8192,"flow_tot_l4_payload_len":19639,"flow_avg_l4_payload_len":1963,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1654385140794,"flow_last_seen":1654385145146,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":7200,"flow_tot_l4_payload_len":59466,"flow_avg_l4_payload_len":2831,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1654385156800,"flow_last_seen":1654385156865,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":29208,"flow_avg_l4_payload_len":1718,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385184117,"flow_last_seen":1654385184139,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":796,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1654385140824,"flow_last_seen":1654385145140,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":1390,"flow_tot_l4_payload_len":5240,"flow_avg_l4_payload_len":873,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1654385140835,"flow_last_seen":1654385157149,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":14400,"flow_tot_l4_payload_len":88367,"flow_avg_l4_payload_len":2761,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1654385140836,"flow_last_seen":1654385145144,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":1654,"flow_tot_l4_payload_len":7737,"flow_avg_l4_payload_len":1105,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385140850,"flow_last_seen":1654385141035,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":1721,"flow_tot_l4_payload_len":2135,"flow_avg_l4_payload_len":1067,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229450,"flow_last_seen":1654385229557,"flow_idle_time":7580000,"flow_min_l4_payload_len":75,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1654385184938,"flow_last_seen":1654385185019,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":5712,"flow_tot_l4_payload_len":97422,"flow_avg_l4_payload_len":3247,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":94,"flow_first_seen":1654385184944,"flow_last_seen":1654385185098,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":8568,"flow_tot_l4_payload_len":367244,"flow_avg_l4_payload_len":3906,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1654385184944,"flow_last_seen":1654385185046,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":89447,"flow_avg_l4_payload_len":3440,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1654385184982,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"flow_min_l4_payload_len":251,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4797,"flow_avg_l4_payload_len":1199,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184845,"flow_last_seen":1654385185166,"flow_idle_time":7580000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1214,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184857,"flow_last_seen":1654385185942,"flow_idle_time":7580000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1214,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1654385176794,"flow_last_seen":1654385178653,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":19289,"flow_tot_l4_payload_len":216361,"flow_avg_l4_payload_len":6363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1654385176795,"flow_last_seen":1654385178226,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":24480,"flow_tot_l4_payload_len":116983,"flow_avg_l4_payload_len":4874,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1654385176794,"flow_last_seen":1654385178039,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":12423,"flow_tot_l4_payload_len":87831,"flow_avg_l4_payload_len":3992,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229460,"flow_last_seen":1654385229568,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":432,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1654385142780,"flow_last_seen":1654385142861,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":28083,"flow_avg_l4_payload_len":2160,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1654385145219,"flow_last_seen":1654385147933,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":248006,"flow_avg_l4_payload_len":4350,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1654385146263,"flow_last_seen":1654385158374,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":15840,"flow_tot_l4_payload_len":195184,"flow_avg_l4_payload_len":3753,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1654385146253,"flow_last_seen":1654385148239,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":144162,"flow_avg_l4_payload_len":4004,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1654385146276,"flow_last_seen":1654385147585,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":98936,"flow_avg_l4_payload_len":3091,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1654385146284,"flow_last_seen":1654385147935,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":133307,"flow_avg_l4_payload_len":4300,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385134408,"flow_last_seen":1654385136566,"flow_idle_time":7580000,"flow_min_l4_payload_len":225,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":1447,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1654385146276,"flow_last_seen":1654385147926,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":128312,"flow_avg_l4_payload_len":4935,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184174,"flow_last_seen":1654385184282,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":1374,"flow_avg_l4_payload_len":687,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156962,"flow_last_seen":1654385157145,"flow_idle_time":7580000,"flow_min_l4_payload_len":682,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1794,"flow_avg_l4_payload_len":897,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156971,"flow_last_seen":1654385157153,"flow_idle_time":7580000,"flow_min_l4_payload_len":766,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1880,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156978,"flow_last_seen":1654385157162,"flow_idle_time":7580000,"flow_min_l4_payload_len":508,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1626,"flow_avg_l4_payload_len":813,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156997,"flow_last_seen":1654385157178,"flow_idle_time":7580000,"flow_min_l4_payload_len":680,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1793,"flow_avg_l4_payload_len":896,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385157001,"flow_last_seen":1654385157186,"flow_idle_time":7580000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385141046,"flow_last_seen":1654385141076,"flow_idle_time":7580000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":2351,"flow_avg_l4_payload_len":587,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385235892,"flow_last_seen":1654385236487,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1663,"flow_avg_l4_payload_len":831,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1654385143337,"flow_last_seen":1654385143386,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":20884,"flow_avg_l4_payload_len":1898,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385232006,"flow_last_seen":1654385232057,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":668,"flow_tot_l4_payload_len":1227,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1654385229375,"flow_last_seen":1654385231942,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3139,"flow_avg_l4_payload_len":523,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1654385229377,"flow_last_seen":1654385229406,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1728,"flow_avg_l4_payload_len":432,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385232040,"flow_last_seen":1654385234239,"flow_idle_time":7580000,"flow_min_l4_payload_len":598,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":3050,"flow_avg_l4_payload_len":762,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183491,"flow_last_seen":1654385183514,"flow_idle_time":7580000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":1204,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183496,"flow_last_seen":1654385183520,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":1640,"flow_tot_l4_payload_len":2431,"flow_avg_l4_payload_len":1215,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183495,"flow_last_seen":1654385183517,"flow_idle_time":7580000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":1191,"flow_avg_l4_payload_len":595,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183618,"flow_last_seen":1654385183642,"flow_idle_time":7580000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":1485,"flow_avg_l4_payload_len":742,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385127293,"flow_last_seen":1654385127488,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":734,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385119050,"flow_last_seen":1654385119358,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385119973,"flow_last_seen":1654385120216,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385120896,"flow_last_seen":1654385121164,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1654385232158,"flow_last_seen":1654385232180,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2540,"flow_avg_l4_payload_len":508,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229378,"flow_last_seen":1654385229413,"flow_idle_time":7580000,"flow_min_l4_payload_len":353,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1602,"flow_avg_l4_payload_len":801,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1654385131029,"flow_last_seen":1654385180912,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":635658,"flow_avg_l4_payload_len":5996,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385181857,"flow_last_seen":1654385181897,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":983,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":696,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385129508,"flow_last_seen":1654385129813,"flow_idle_time":7580000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":627,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1654385184927,"flow_last_seen":1654385185032,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":8568,"flow_tot_l4_payload_len":239007,"flow_avg_l4_payload_len":3918,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1654385136207,"flow_last_seen":1654385137795,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":179965,"flow_avg_l4_payload_len":5141,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1654385136206,"flow_last_seen":1654385180918,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":23040,"flow_tot_l4_payload_len":523278,"flow_avg_l4_payload_len":6381,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385127244,"flow_last_seen":1654385127425,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1654385229374,"flow_last_seen":1654385236412,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8604,"flow_avg_l4_payload_len":537,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1654385136215,"flow_last_seen":1654385137803,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":264022,"flow_avg_l4_payload_len":7333,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385128878,"flow_last_seen":1654385130178,"flow_idle_time":7580000,"flow_min_l4_payload_len":496,"flow_max_l4_payload_len":2746,"flow_tot_l4_payload_len":4982,"flow_avg_l4_payload_len":1245,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1654385136216,"flow_last_seen":1654385137795,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":37440,"flow_tot_l4_payload_len":124465,"flow_avg_l4_payload_len":8890,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385128878,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"flow_min_l4_payload_len":817,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":1688,"flow_avg_l4_payload_len":844,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385129449,"flow_last_seen":1654385129804,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":1181,"flow_avg_l4_payload_len":590,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":80,"flow_first_seen":1654385140171,"flow_last_seen":1654385145302,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":8640,"flow_tot_l4_payload_len":177845,"flow_avg_l4_payload_len":2223,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385139579,"flow_last_seen":1654385139941,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1384,"flow_avg_l4_payload_len":692,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":2549,"packets-processed":2549,"total-skipped-flows":0,"total-l4-data-len":4952452,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1083,"global_ts_msec":1654385236487}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 1439/1439
+~~ packets captured/processed: 2549/2549
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 552863 bytes
-~~ total detected protocols..: 109
-~~ total active/idle flows...: 129/129
-~~ total timeout flows.......: 0
+~~ total layer4 data length..: 4952452 bytes
+~~ total detected protocols..: 177
+~~ total active/idle flows...: 197/197
+~~ total timeout flows.......: 20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6111841 bytes
-~~ total memory freed........: 6111841 bytes
-~~ total allocations/frees...: 119998/119998
+~~ total memory allocated....: 6241090 bytes
+~~ total memory freed........: 6241090 bytes
+~~ total allocations/frees...: 121503/121503
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 458 chars
-~~ json string max len.......: 2444 chars
-~~ json string avg len.......: 1451 chars
+~~ json string min len.......: 384 chars
+~~ json string max len.......: 15998 chars
+~~ json string avg len.......: 8191 chars
diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out
index eb986c9d1..335503eac 100644
--- a/test/results/443-chrome.pcap.out
+++ b/test/results/443-chrome.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868026 bytes
-~~ total memory freed........: 5868026 bytes
-~~ total allocations/frees...: 118087/118087
+~~ total memory allocated....: 5871413 bytes
+~~ total memory freed........: 5871413 bytes
+~~ total allocations/frees...: 118111/118111
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 2429 chars
diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out
index 1db14bb7f..494b6c7d2 100644
--- a/test/results/443-curl.pcap.out
+++ b/test/results/443-curl.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5874026 bytes
-~~ total memory freed........: 5874026 bytes
-~~ total allocations/frees...: 118200/118200
+~~ total memory allocated....: 5877413 bytes
+~~ total memory freed........: 5877413 bytes
+~~ total allocations/frees...: 118224/118224
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 1104 chars
diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out
index 08beb806a..9a605f331 100644
--- a/test/results/443-firefox.pcap.out
+++ b/test/results/443-firefox.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5890262 bytes
-~~ total memory freed........: 5890262 bytes
-~~ total allocations/frees...: 118759/118759
+~~ total memory allocated....: 5893649 bytes
+~~ total memory freed........: 5893649 bytes
+~~ total allocations/frees...: 118783/118783
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
 ~~ json string max len.......: 1170 chars
diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out
index 92e6ed98c..756d8f5c3 100644
--- a/test/results/443-git.pcap.out
+++ b/test/results/443-git.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876405 bytes
-~~ total memory freed........: 5876405 bytes
-~~ total allocations/frees...: 118163/118163
+~~ total memory allocated....: 5879792 bytes
+~~ total memory freed........: 5879792 bytes
+~~ total allocations/frees...: 118187/118187
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
 ~~ json string max len.......: 1212 chars
diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out
index 6fc7d98f5..f2e21eddf 100644
--- a/test/results/443-opvn.pcap.out
+++ b/test/results/443-opvn.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5869331 bytes
-~~ total memory freed........: 5869331 bytes
-~~ total allocations/frees...: 118132/118132
+~~ total memory allocated....: 5872718 bytes
+~~ total memory freed........: 5872718 bytes
+~~ total allocations/frees...: 118156/118156
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 689 chars
diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out
index c96263647..d95e1b8fd 100644
--- a/test/results/443-safari.pcap.out
+++ b/test/results/443-safari.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5872084 bytes
-~~ total memory freed........: 5872084 bytes
-~~ total allocations/frees...: 118132/118132
+~~ total memory allocated....: 5875471 bytes
+~~ total memory freed........: 5875471 bytes
+~~ total allocations/frees...: 118156/118156
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 1148 chars
diff --git a/test/results/4in4tunnel.pcap.out b/test/results/4in4tunnel.pcap.out
index ec07ae18f..1606f5f73 100644
--- a/test/results/4in4tunnel.pcap.out
+++ b/test/results/4in4tunnel.pcap.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5864917 bytes
-~~ total memory freed........: 5864917 bytes
-~~ total allocations/frees...: 118082/118082
+~~ total memory allocated....: 5868304 bytes
+~~ total memory freed........: 5868304 bytes
+~~ total allocations/frees...: 118106/118106
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 192 chars
 ~~ json string max len.......: 555 chars
diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out
index ad9c54ae6..b26884a31 100644
--- a/test/results/4in6tunnel.pcap.out
+++ b/test/results/4in6tunnel.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866065 bytes
-~~ total memory freed........: 5866065 bytes
-~~ total allocations/frees...: 118089/118089
+~~ total memory allocated....: 5869452 bytes
+~~ total memory freed........: 5869452 bytes
+~~ total allocations/frees...: 118113/118113
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 879 chars
diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out
index 9988a3a93..0be54ed86 100644
--- a/test/results/6in4tunnel.pcap.out
+++ b/test/results/6in4tunnel.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5869632 bytes
-~~ total memory freed........: 5869632 bytes
-~~ total allocations/frees...: 118212/118212
+~~ total memory allocated....: 5873019 bytes
+~~ total memory freed........: 5873019 bytes
+~~ total allocations/frees...: 118236/118236
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 657 chars
diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out
index e34e37e52..6a1ba78d4 100644
--- a/test/results/6in6tunnel.pcap.out
+++ b/test/results/6in6tunnel.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5867039 bytes
-~~ total memory freed........: 5867039 bytes
-~~ total allocations/frees...: 118090/118090
+~~ total memory allocated....: 5870426 bytes
+~~ total memory freed........: 5870426 bytes
+~~ total allocations/frees...: 118114/118114
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 604 chars
diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
index 5f2a6ff6d..890e3512d 100644
--- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866355 bytes
-~~ total memory freed........: 5866355 bytes
-~~ total allocations/frees...: 118099/118099
+~~ total memory allocated....: 5869742 bytes
+~~ total memory freed........: 5869742 bytes
+~~ total allocations/frees...: 118123/118123
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 453 chars
 ~~ json string max len.......: 692 chars
diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out
index 552263f68..944642190 100644
--- a/test/results/BGP_redist.pcap.out
+++ b/test/results/BGP_redist.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5865978 bytes
-~~ total memory freed........: 5865978 bytes
-~~ total allocations/frees...: 118086/118086
+~~ total memory allocated....: 5869365 bytes
+~~ total memory freed........: 5869365 bytes
+~~ total allocations/frees...: 118110/118110
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 192 chars
 ~~ json string max len.......: 679 chars
diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out
index c85bbad0d..61e65d860 100644
--- a/test/results/EAQ.pcap.out
+++ b/test/results/EAQ.pcap.out
@@ -195,9 +195,9 @@
 ~~ total active/idle flows...: 31/31
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5902757 bytes
-~~ total memory freed........: 5902757 bytes
-~~ total allocations/frees...: 118380/118380
+~~ total memory allocated....: 5906144 bytes
+~~ total memory freed........: 5906144 bytes
+~~ total allocations/frees...: 118404/118404
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 449 chars
 ~~ json string max len.......: 922 chars
diff --git a/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index 264412a66..9486b68c7 100644
--- a/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -39,9 +39,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6079370 bytes
-~~ total memory freed........: 6079370 bytes
-~~ total allocations/frees...: 125314/125314
+~~ total memory allocated....: 6082757 bytes
+~~ total memory freed........: 6082757 bytes
+~~ total allocations/frees...: 125338/125338
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 484 chars
 ~~ json string max len.......: 1641 chars
diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out
index 15e9469b7..f20d15343 100644
--- a/test/results/IEC104.pcap.out
+++ b/test/results/IEC104.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5867416 bytes
-~~ total memory freed........: 5867416 bytes
-~~ total allocations/frees...: 118103/118103
+~~ total memory allocated....: 5870803 bytes
+~~ total memory freed........: 5870803 bytes
+~~ total allocations/frees...: 118127/118127
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 453 chars
 ~~ json string max len.......: 691 chars
diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out
index 845ea86b0..7c4f7f8a1 100644
--- a/test/results/KakaoTalk_chat.pcap.out
+++ b/test/results/KakaoTalk_chat.pcap.out
@@ -242,9 +242,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6028084 bytes
-~~ total memory freed........: 6028084 bytes
-~~ total allocations/frees...: 118762/118762
+~~ total memory allocated....: 6031471 bytes
+~~ total memory freed........: 6031471 bytes
+~~ total allocations/frees...: 118786/118786
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 1834 chars
diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out
index daab4b2be..8e837a86e 100644
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -121,9 +121,9 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6005488 bytes
-~~ total memory freed........: 6005488 bytes
-~~ total allocations/frees...: 121370/121370
+~~ total memory allocated....: 6008875 bytes
+~~ total memory freed........: 6008875 bytes
+~~ total allocations/frees...: 121394/121394
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 465 chars
 ~~ json string max len.......: 1502 chars
diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out
index 952441f45..95ecb2917 100644
--- a/test/results/NTPv2.pcap.out
+++ b/test/results/NTPv2.pcap.out
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 929 chars diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out index 66a95c4a0..f3c3ea1ab 100644 --- a/test/results/NTPv3.pcap.out +++ b/test/results/NTPv3.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 673 chars diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out index 0f2787cff..d35e0f884 100644 --- a/test/results/NTPv4.pcap.out +++ b/test/results/NTPv4.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 673 chars 
diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out index 486724e8d..b0a80c8b2 100644 --- a/test/results/Oscar.pcap.out +++ b/test/results/Oscar.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5900890 bytes -~~ total memory freed........: 5900890 bytes -~~ total allocations/frees...: 118167/118167 +~~ total memory allocated....: 5904277 bytes +~~ total memory freed........: 5904277 bytes +~~ total allocations/frees...: 118191/118191 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 683 chars diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out index ec6ac12db..171739a09 100644 --- a/test/results/WebattackRCE.pcap.out +++ b/test/results/WebattackRCE.pcap.out @@ -3197,9 +3197,9 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6833757 bytes -~~ total memory freed........: 6833757 bytes -~~ total allocations/frees...: 125207/125207 +~~ total memory allocated....: 6837144 bytes +~~ total memory freed........: 6837144 bytes +~~ total allocations/frees...: 125231/125231 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 1395 chars diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out index e1771debb..e91057a25 100644 --- a/test/results/WebattackSQLinj.pcap.out +++ b/test/results/WebattackSQLinj.pcap.out 
@@ -63,9 +63,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878893 bytes -~~ total memory freed........: 5878893 bytes -~~ total allocations/frees...: 118248/118248 +~~ total memory allocated....: 5882280 bytes +~~ total memory freed........: 5882280 bytes +~~ total allocations/frees...: 118272/118272 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 1075 chars diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out index 5f444248c..93ba7a520 100644 --- a/test/results/WebattackXSS.pcap.out +++ b/test/results/WebattackXSS.pcap.out @@ -3976,9 +3976,9 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6823723 bytes -~~ total memory freed........: 6823723 bytes -~~ total allocations/frees...: 129549/129549 +~~ total memory allocated....: 6827110 bytes +~~ total memory freed........: 6827110 bytes +~~ total allocations/frees...: 129573/129573 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 1123 chars diff --git a/test/results/afp.pcap.out b/test/results/afp.pcap.out index f33feb018..a12dbbf27 100644 --- a/test/results/afp.pcap.out +++ b/test/results/afp.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866413 bytes -~~ total memory freed........: 5866413 bytes -~~ total allocations/frees...: 118101/118101 +~~ total memory allocated....: 5869800 bytes +~~ total memory freed........: 5869800 bytes +~~ total allocations/frees...: 118125/118125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 686 chars diff --git a/test/results/agora-sd-rtn.pcap.out b/test/results/agora-sd-rtn.pcap.out index 9dc88538f..0d0635a43 100644 --- a/test/results/agora-sd-rtn.pcap.out +++ b/test/results/agora-sd-rtn.pcap.out @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5903436 bytes -~~ total memory freed........: 5903436 bytes -~~ total allocations/frees...: 118563/118563 +~~ total memory allocated....: 5906823 bytes +~~ total memory freed........: 5906823 bytes +~~ total allocations/frees...: 118587/118587 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 768 chars diff --git a/test/results/ah.pcapng.out b/test/results/ah.pcapng.out index 132fb2fe4..28fd0c457 100644 --- a/test/results/ah.pcapng.out +++ b/test/results/ah.pcapng.out 
@@ -2,27 +2,27 @@ 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587338929051} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587338929051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587338929051,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="} +00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587338929058,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587338929058,"pkt":"qrvMAAIQqrvMAAMQCABFwAGCAJUAAP4RnwsKAwQECgIDAgH0AfQBbpMTHBhp9tKboMxXKornVXrZ7CEgIiAAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAA3\/NdSHtjsuV9lwu7r3PG72M7PTs97w7W7XWrjiKy83GusQxHzpqo7SyUw6CdLyZlI6GlvRXFFZQ37DazOAEOXk0lG8t6jBRQFWWSD0tGhA1+E9jC73KPJu4MHQQrp0dlKwAAJMsSzp7FMBmLLwjNerQt3fDJwl4MLQ75rKamBuCoU9JFKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABLSbKQHg76sTvA2s+iqtHO17zN+1AAAAHAAAQAXEF0AGtBGCSamsYpymSQTNLPEeng=="} 00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587338929067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1587338929067,"pkt":"qrvMAAMQqrvMAAIQCABFwAFkAJ8AAP8Rnh8KAgMCCgMEBAH0AfQBUGzjHBhp9tKboMxXKornVXrZ7C4gIwgAAAABAAABSCsAASyBDTrs2Pxvpq7JTnlskHs3y\/lcA4L2kN8fdzJ8fVpYrZTlpuZPtrueSIpYdb+qQTDV2NvMTrxEqmRiytNcmsMUgiqFEXykJmS3P10k8AYBydJ7jb5c3eyLXb1Xq+36+2tgOS1TpUTMh9FvAJkjDZuy9dxuXzbWMy9Bia4cikOr17km8gYu1TAmwh\/g9n514pWnNcM6640AaIdVe6A4QpHHMQEvu1nLtY9OQj13tjKJXcfVHJL\/tVSVAMUi+K5X3aJOMKyYeZBbVZrNRi8RFtvjXQRLRPFCTuUeShJfFRDznRua5syxQXi+6dd5t3q5F806SIRRAk975bBTw\/\/FxVkvix8dHReWdnoNuDuSDSHK8wVobcjOktkOzVZUVL8vxTTf4rHWn7VO+g=="} 
00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587338931051,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587338931051,"pkt":"qrvMAAMQqrvMAAIQCABFAAB8ABMAAP8zoDEKAgMCCgMEBAEEAABgSBb2AAAAAecyq6zhxgBG7sZB7QgAZwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} -00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPsec","breed":"Safe","category":"VPN"}} 
+00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587338931051,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587338931051,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} -00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} 
-00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPsec","breed":"Safe","category":"VPN"}} -00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1532,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587338931051} 
+00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587338931051} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 
1532 bytes -~~ total detected protocols..: 1 +~~ total detected protocols..: 2 ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867155 bytes -~~ total memory freed........: 5867155 bytes -~~ total allocations/frees...: 118094/118094 +~~ total memory allocated....: 5870542 bytes +~~ total memory freed........: 5870542 bytes +~~ total allocations/frees...: 118118/118118 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 917 chars diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out index 61f939fd0..d45f2a128 100644 --- a/test/results/aimini-http.pcap.out +++ b/test/results/aimini-http.pcap.out @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873626 bytes -~~ total memory freed........: 5873626 bytes -~~ total allocations/frees...: 118239/118239 +~~ total memory allocated....: 5877013 bytes +~~ total memory freed........: 5877013 bytes +~~ total allocations/frees...: 118263/118263 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 970 chars diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out index 4aa7d41b5..67f4605be 100644 --- a/test/results/ajp.pcap.out +++ b/test/results/ajp.pcap.out 
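Review bot: The `proto` label in the `ndpi` object of the ah.pcapng events changes from `IPsec` to `IPSec`, a case-only rename that silently stops matching any consumer, filter or alert rule that compares the exact string. In the same hunk, flow 1 (UDP 500) is now reported as `detected` with confidence `DPI` on its first packet rather than `guessed` with `Match by port`, and `total-guessed-flows` drops from 1 to 0, so rules that key on the `guessed` event for this traffic will no longer fire. Neither change is mentioned in the commit description, which only names the libnDPI revision. I would add a line such as `proto label "IPsec" is now "IPSec"; IKE on udp/500 is now detected by DPI instead of guessed by port`, so that users of the JSON output know to update their matchers.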
@@ -45,9 +45,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867735 bytes -~~ total memory freed........: 5867735 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 5871122 bytes +~~ total memory freed........: 5871122 bytes +~~ total allocations/frees...: 118138/118138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 202 chars ~~ json string max len.......: 1493 chars diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out index 012244621..a786042f6 100644 --- a/test/results/alexa-app.pcapng.out +++ b/test/results/alexa-app.pcapng.out @@ -1081,9 +1081,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6580715 bytes -~~ total memory freed........: 6580715 bytes -~~ total allocations/frees...: 122699/122699 +~~ total memory allocated....: 6584102 bytes +~~ total memory freed........: 6584102 bytes +~~ total allocations/frees...: 122723/122723 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 189 chars ~~ json string max len.......: 2122 chars diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out index 88a47866c..d30c9c71f 100644 --- a/test/results/among_us.pcap.out +++ b/test/results/among_us.pcap.out 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 672 chars diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out index 18233cc86..0cd9a85e6 100644 --- a/test/results/amqp.pcap.out +++ b/test/results/amqp.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878797 bytes -~~ total memory freed........: 5878797 bytes -~~ total allocations/frees...: 118254/118254 +~~ total memory allocated....: 5882184 bytes +~~ total memory freed........: 5882184 bytes +~~ total allocations/frees...: 118278/118278 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1071 chars diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out index d8363cb13..bb8489c3e 100644 --- a/test/results/android.pcap.out +++ b/test/results/android.pcap.out @@ -387,9 +387,9 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6104082 bytes -~~ total memory freed........: 6104082 bytes -~~ total allocations/frees...: 119000/119000 +~~ total memory allocated....: 6107469 bytes +~~ total memory freed........: 6107469 bytes +~~ total allocations/frees...: 119024/119024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2361 chars 
diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out index 0c407c2be..9d665b405 100644 --- a/test/results/anyconnect-vpn.pcap.out +++ b/test/results/anyconnect-vpn.pcap.out @@ -404,9 +404,9 @@ ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6088033 bytes -~~ total memory freed........: 6088033 bytes -~~ total allocations/frees...: 121357/121357 +~~ total memory allocated....: 6091420 bytes +~~ total memory freed........: 6091420 bytes +~~ total allocations/frees...: 121381/121381 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars ~~ json string max len.......: 1592 chars diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out index 543f6351b..160b2b6db 100644 --- a/test/results/anydesk-2.pcap.out +++ b/test/results/anydesk-2.pcap.out @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5954592 bytes -~~ total memory freed........: 5954592 bytes -~~ total allocations/frees...: 120626/120626 +~~ total memory allocated....: 5957979 bytes +~~ total memory freed........: 5957979 bytes +~~ total allocations/frees...: 120650/120650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 1584 chars diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out index d81d03c1c..87584fb18 100644 --- a/test/results/anydesk.pcap.out +++ b/test/results/anydesk.pcap.out 
@@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6075691 bytes -~~ total memory freed........: 6075691 bytes -~~ total allocations/frees...: 125061/125061 +~~ total memory allocated....: 6079078 bytes +~~ total memory freed........: 6079078 bytes +~~ total allocations/frees...: 125085/125085 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 454 chars ~~ json string max len.......: 1564 chars diff --git a/test/results/avast_securedns.pcapng.out b/test/results/avast_securedns.pcapng.out index e4b7f5171..bb995dd4f 100644 --- a/test/results/avast_securedns.pcapng.out +++ b/test/results/avast_securedns.pcapng.out @@ -215,9 +215,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5907398 bytes -~~ total memory freed........: 5907398 bytes -~~ total allocations/frees...: 118276/118276 +~~ total memory allocated....: 5910785 bytes +~~ total memory freed........: 5910785 bytes +~~ total allocations/frees...: 118300/118300 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 702 chars diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out index c215dd813..e196957bf 100644 --- a/test/results/bad-dns-traffic.pcap.out +++ b/test/results/bad-dns-traffic.pcap.out 
@@ -6,7 +6,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1486012624242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012624242,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1486012624325,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1486012624325,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 
+01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1486012635073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012635073,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
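Review bot: In the added `detection-update` event for packet 3, the new flow_risk entry `"27"` (`Risky Domain Name`) is marked `"severity":"Medium"` but carries `"risk_score": {"total":760,"client":580,"server":180}`, while the `"16"` entry in the same object is `"severity":"High"` with a total of only 250. A Medium risk scoring three times higher than a High one looks inconsistent, and accepting it as expected output pins that value for every later test run and for anyone ranking flows by score. Whether the number comes from the bumped library or from how the score is looked up per risk is not visible here, so it should be confirmed before the results are regenerated. Until then I would record it in the commit description, for example `note: risk_score for flow_risk 27 (Medium) exceeds that of flow_risk 16 (High); to be verified`.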
@@ -16,16 +16,16 @@ 00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}} 
+01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1486012730177,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012730177,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1486012730381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1486012730381,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"} -00973{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 
+01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1486012730381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1486012730381,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="} 
-00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-data-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1486012733669} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 382/382 @@ -35,10 +35,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879313 bytes -~~ total memory freed........: 5879313 bytes -~~ total allocations/frees...: 118476/118476 +~~ total memory allocated....: 5882802 bytes +~~ total memory freed........: 5882802 bytes +~~ total allocations/frees...: 118503/118503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars -~~ json string max len.......: 978 chars -~~ json string avg len.......: 723 chars +~~ json string max len.......: 1087 chars +~~ json string avg len.......: 778 chars diff --git a/test/results/badpackets.pcap.out b/test/results/badpackets.pcap.out index a4681b11e..f5643794f 100644 --- a/test/results/badpackets.pcap.out +++ b/test/results/badpackets.pcap.out 
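Review bot: The new `"27"` entries pinned in the `detection-update` and `idle` events of bad-dns-traffic.pcap.out give `"risk":"Risky Domain Name","severity":"Medium"` a `"risk_score"` of `{"total":760,"client":580,"server":180}`, which is higher than the `{"total":250,"client":125,"server":125}` recorded for the High-severity `"16"` entry on the same flows. A Medium risk outscoring a High one suggests the per-risk score may not be derived from that single risk; the code that serializes `risk_score` is not visible here, so this is an inference from the output alone. It is worth checking against the scoring code before these values become the regression baseline, because consumers that triage on `risk_score` would rank these flows by a number that contradicts `severity`. The same values appear in the `+` lines for flow_id 1, 2 and 3, and the first of them sits in a hunk that starts above this view.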
@@ -210,9 +210,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 209 chars ~~ json string max len.......: 2303 chars diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out index aee184177..222776c6a 100644 --- a/test/results/bitcoin.pcap.out +++ b/test/results/bitcoin.pcap.out @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5897790 bytes -~~ total memory freed........: 5897790 bytes -~~ total allocations/frees...: 118739/118739 +~~ total memory allocated....: 5901177 bytes +~~ total memory freed........: 5901177 bytes +~~ total allocations/frees...: 118763/118763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1833 chars diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out index 0fb483884..ddb5dad6e 100644 --- a/test/results/bittorrent.pcap.out +++ b/test/results/bittorrent.pcap.out 
@@ -140,9 +140,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6205572 bytes -~~ total memory freed........: 6205572 bytes -~~ total allocations/frees...: 118477/118477 +~~ total memory allocated....: 6208959 bytes +~~ total memory freed........: 6208959 bytes +~~ total allocations/frees...: 118501/118501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1461 chars diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out index a05ac0c3d..35300f1d6 100644 --- a/test/results/bittorrent_utp.pcap.out +++ b/test/results/bittorrent_utp.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6130603 bytes -~~ total memory freed........: 6130603 bytes -~~ total allocations/frees...: 118173/118173 +~~ total memory allocated....: 6133990 bytes +~~ total memory freed........: 6133990 bytes +~~ total allocations/frees...: 118197/118197 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 844 chars diff --git a/test/results/bjnp.pcap.out b/test/results/bjnp.pcap.out index 09b5c7f99..3c7979fc5 100644 --- a/test/results/bjnp.pcap.out +++ b/test/results/bjnp.pcap.out 
@@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875527 bytes -~~ total memory freed........: 5875527 bytes -~~ total allocations/frees...: 118122/118122 +~~ total memory allocated....: 5878914 bytes +~~ total memory freed........: 5878914 bytes +~~ total allocations/frees...: 118146/118146 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 440 chars ~~ json string max len.......: 682 chars diff --git a/test/results/bot.pcap.out b/test/results/bot.pcap.out index ed1250d1b..95f2136ea 100644 --- a/test/results/bot.pcap.out +++ b/test/results/bot.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877829 bytes -~~ total memory freed........: 5877829 bytes -~~ total allocations/frees...: 118492/118492 +~~ total memory allocated....: 5881216 bytes +~~ total memory freed........: 5881216 bytes +~~ total allocations/frees...: 118516/118516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 877 chars diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out index 8f77d857a..f857ccd03 100644 --- a/test/results/bt_search.pcap.out +++ b/test/results/bt_search.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6128167 bytes -~~ total memory freed........: 6128167 bytes -~~ total allocations/frees...: 118089/118089 +~~ total memory allocated....: 6131554 bytes +~~ total memory freed........: 6131554 bytes +~~ total allocations/frees...: 118113/118113 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 692 chars 
diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out index 4017dc5ce..f02c04167 100644 --- a/test/results/capwap.pcap.out +++ b/test/results/capwap.pcap.out @@ -54,9 +54,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881590 bytes -~~ total memory freed........: 5881590 bytes -~~ total allocations/frees...: 118494/118494 +~~ total memory allocated....: 5884977 bytes +~~ total memory freed........: 5884977 bytes +~~ total allocations/frees...: 118518/118518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 186 chars ~~ json string max len.......: 806 chars diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out index 9489f77da..9ef5d3515 100644 --- a/test/results/cassandra.pcap.out +++ b/test/results/cassandra.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875275 bytes -~~ total memory freed........: 5875275 bytes -~~ total allocations/frees...: 118374/118374 +~~ total memory allocated....: 5878662 bytes +~~ total memory freed........: 5878662 bytes +~~ total allocations/frees...: 118398/118398 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 693 chars diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out index 1a188a98d..834bb4013 100644 --- a/test/results/check_mk_new.pcap.out +++ b/test/results/check_mk_new.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868791 bytes -~~ total memory freed........: 5868791 bytes -~~ total allocations/frees...: 118183/118183 +~~ total memory allocated....: 5872178 bytes +~~ total memory freed........: 5872178 bytes +~~ total allocations/frees...: 118207/118207 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 705 chars diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out index 2aeadc294..84805a061 100644 --- a/test/results/chrome.pcap.out +++ b/test/results/chrome.pcap.out @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6047048 bytes -~~ total memory freed........: 6047048 bytes -~~ total allocations/frees...: 123751/123751 +~~ total memory allocated....: 6050435 bytes +~~ total memory freed........: 6050435 bytes +~~ total allocations/frees...: 123775/123775 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 943 chars diff --git a/test/results/citrix.pcap.out b/test/results/citrix.pcap.out index 5736d6461..981466db3 100644 --- a/test/results/citrix.pcap.out +++ b/test/results/citrix.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868849 bytes -~~ total memory freed........: 5868849 bytes -~~ total allocations/frees...: 118185/118185 +~~ total memory allocated....: 5872236 bytes +~~ total memory freed........: 5872236 bytes +~~ total allocations/frees...: 118209/118209 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars ~~ json string max len.......: 651 chars 
diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out index e0e887ee3..788f94cdc 100644 --- a/test/results/coap_mqtt.pcap.out +++ b/test/results/coap_mqtt.pcap.out @@ -97,9 +97,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6136527 bytes -~~ total memory freed........: 6136527 bytes -~~ total allocations/frees...: 126648/126648 +~~ total memory allocated....: 6139914 bytes +~~ total memory freed........: 6139914 bytes +~~ total allocations/frees...: 126672/126672 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 824 chars diff --git a/test/results/collectd.pcap.out b/test/results/collectd.pcap.out new file mode 100644 index 000000000..8fb6a9d62 --- /dev/null +++ b/test/results/collectd.pcap.out 
@@ -0,0 +1,69 @@ +00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"collectd.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946742154132} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+02208{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946742154132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742154132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY7gZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaX
QAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742155132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946742155132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742155132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY3gZOIFNgNKAAD\/\/2RldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdh
aXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946742156132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742156132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\/8ACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUA
DmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":946746151465} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946746151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946746151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyz
hppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946746151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946746151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqZZOIFXrI+AhD\/\/wAEdXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g
1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1655315218479} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655315218479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_msec":1655315218479,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\/AAABfwAAAdN6ZOIFSANcAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhsIetVOvAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAlpZGxlAAAGAA8AAQIAAAAAAEh8igAIAAwYqobCHrR67QADAAYxAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMQAIAAwYqobCHrVLVQADAAYyAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEm00wAIAAwYqobCHryG+AACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAA2BLtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAANBcwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAynjmQQAFAAlmcmVlAAAGAA8AAQEAAAAAkCfAQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAE3+tBAAUAEHNsYWJfdW5yZWNsAAAGAA8AAQEAAAAAANaXQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAg7ahBAAgADBiqhsSesjKdAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaX1gAIAAwYqobEnrJfCQADAAYyAAAGAA8AAQIAAAAAABQBWwAIAAwYqobEnrKDcQADAAYzAAAGAA8AAQIAAAAAABXhLQAIAAwYqobEnrLCpgADAAYxAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKFFAAgADBiqhsSess\/yAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENLAAgADBiqhsSesk3YAAMABjEAAAUACXVzZXIAAAYADwABAgAAAAAAFeA2AAgADBiqhsSestJFAAUACXdhaXQAAAYADwABAgAAAAAAAENGAAgADBiqhsSesqjuAAMABjAAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEokkACAAMGKqGxJ6yx68AAwAGMwAABgAPAAECAAAAAAAEhJAACAAMGKqGxJ6y1z0ABQAJd2FpdAAABgAPAAECAAAAAAAAPhAACAAMGKqGxJ6y2ckAAwAGMAAABQAJbmljZQAABgAPAAECAAAAAAAAACYACAAMGKqGxJ6y3FYAAwAGMQAABgAPAAECAAAAAAAAADEACAAMGKqGxJ6y4OIAAwAGMwAABgAPAAECAAAAAAAAADAACAAMGKqGxJ6yxTgAAwAGMgAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASXNwAIAAwYqobEnrLUXAAFAAl3YWl0AAAGAA8AAQIAAAAAAABGMAAIAAwYqobEnrLuvwAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAM\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0A
AwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+02186{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655315228479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1350,"pkt_l4_len":1316,"thread_ts_msec":1655315228479,"pkt":"AAAAAAAAAAAAAAAACABFAAU4MI9AAEARByR\/AAABfwAAAdN6ZOIFJAM4AAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhsSesw2LAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqGxJ6zFBoAAwAGMQAABQAJaWRsZQAABgAPAAECAAAAAABH5cwACAAMGKqGxJ6zCV4ABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSesxcVAAMABjIAAAUACWlkbGUAAAYADwABAgAAAAAASbf6AAgADBiqhsSesz\/FAAMABjMAAAYADwABAgAAAAAASH+uAAgADBiqhsSeswMiAAUADHNvZnRpcnEAAAYADwABAgAAAAAAADpnAAgADBiqhsSesumvAAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABDmMACAAMGKqGxJ6zEJkABQAJaWRsZQAABgAPAAECAAAAAABGPJwACAAMGKqGxJ68MtkAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAACgm7UEABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA1JdBAAUACWZyZWUAAAYADwABAQAAAACQh79BAAUADnNsYWJfcmVjbAAABgAPAAEBAAAAAODuqEEABQALY2FjaGVkAAAGAA8AAQEAAAAAJH7mQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAACyyetBAAUADWJ1ZmZlcmVkAAAGAA8AAQEAAAAAgF3AQQAIAAwYqobHHrIAtAACAAhjcHUAAAMABjAAAAQACGNwdQAABQAJdXNlcgAABgAPAAECAAAAAAAWmGUACAAMGKqGxx6yc88AAwAGMgAABgAPAAECAAAAAAAUAeoACAAMGKqGxx6y30YAAwAGMwAABgAPAAECAAAAAAAV4bkACAAMGKqGxx6zAhoAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASihAAIAAwYqobHHrJGeQADAAYxAAAFAAl1c2VyAAAGAA8AAQIAAAAAABXguwAIAAwYqobHHrN9FwADAAYyAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABJdqAAgADBiqhsces3G\/AAMABjEAAAYADwABAgAAAAAABKF6AAgADBiqhsces5viAAUACXdhaXQAAAYADwABAgAAAAAAAENHAAgADBiqhsces6+dAAMABjMAAAYADwABAgAAAAAAAD4RAAgADBiqhsces6bAAAMABjIAAAYADwABAgAAAAAAAEYxAAgADBiqhsces4cUAAMABjMAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEhMoACAAMGKqGxx6zvbEAAwAGMQAABQAJbmljZQAABgAPAAECAAAAAAAAADEACAAMGKqGxx6zxf4AAwAGMgAABgAPAAECAAAAAAAAACsACAAMGKqGxx6ztqkAAwAGMAAABgAPAAECAAAAAAAAACYACAAMGKqGxx60DwgABQAOaW50ZXJydXB0AAAG
AA8AAQIAAAAAAAEOaQAIAAwYqobHHrOS2gAFAAl3YWl0AAAGAA8AAQIAAAAAAABDTgAIAAwYqobHHrQljAADAAYyAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAM\/sAAgADBiqhscetDpkAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOn9"} +02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655315238479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1370,"pkt_l4_len":1336,"thread_ts_msec":1655315238479,"pkt":"AAAAAAAAAAAAAAAACABFAAVMObJAAEAR\/ex\/AAABfwAAAdN6ZOIFOANMAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhscetBqdAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKNkAAgADBiqhscetF03AAMABjMAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAADppAAgADBiqhscetFN7AAMABjIAAAYADwABAgAAAAAAAFKyAAgADBiqhsces99LAAMABjMAAAUACW5pY2UAAAYADwABAgAAAAAAAAAwAAgADBiqhscetHcUAAMABjIAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSGmwADAAYzAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSVUgADAAYwAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEY\/oQAIAAwYqobHHrSeKQADAAYxAAAGAA8AAQIAAAAAAEfo0wAIAAwYqobHHrSp9QADAAYyAAAGAA8AAQIAAAAAAEm7CwAIAAwYqobHHrSzJwADAAYzAAAGAA8AAQIAAAAAAEiCvgAIAAwYqobHHrz4NAACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAnhPtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAPBdwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAgoHmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQP+\/QQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAA83OtBAAUAEHNsYWJfdW5yZWNsAAAGAA8AAQEAAAAAgM6XQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAACA8KhBAAgADBiqhscetEZwAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAABzFgAIAAwYqobHHrQwpgADAAYzAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAG1PAAgADBiqhscetGYpAAMABjAAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrRulgADAAYxAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobJnrHCtwADAAYwAAAFAAl1c2VyAAAGAA8AAQIAAAAAABaZBAAIAAwYqobJnrInDwADAAYyAAAGAA8AAQIAAAAAABQCXAAIAAwYqobJnrIEPAADAAYxAAAGAA8AAQIAAAAAABXhOQAIAAwYqobJnrJKgAADAAYzAAAGAA8AAQIAAAAAABXiOQAIAAwYqobJnrLEAgADAAYyAAAFAAtzeXN0ZW0AAAYADwA
BAgAAAAAABJeYAAgADBiqhsmessoeAAMABjMAAAYADwABAgAAAAAABIT4AAgADBiqhsmestlJAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENRAAgADBiqhsmesunZAAMABjMAAAYADwABAgAAAAAAAD4SAAgADBiqhsmest6UAAMABjEAAAYADwABAgAAAAAAAENMAAgADBiqhsmesvFnAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqhsmesvgHAAMABjEAAAYADwABAgAAAAAAAAAxAAgADBiqhsmesxIGAAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqhsmeszJGAAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABDpI="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655315313991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1385,"pkt_l4_len":1351,"thread_ts_msec":1655315313991,"pkt":"AAAAAAAAAAAAAAAACABFAAVbgM9AAEARtsB\/AAABfwAAAYyUZOIFRwNbAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhtn\/u8qjAAkADAAAAAKAAAAAAAIAC21lbW9yeQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAlh\/tQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAKhiwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAFLfmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQOK9QQAFABBzbGFiX3VucmVjbAAABgAPAAEBAAAAAIDOl0EABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAASLbrQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAA\/6hBAAgADBiqhtx\/ZhRUAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABac6gAIAAwYqobcf2a6WwADAAYyAAAGAA8AAQIAAAAAABQGUgAIAAwYqobcf2Z5QgADAAYxAAAGAA8AAQIAAAAAABXlMgAIAAwYqobcf2fq4wADAAYzAAAGAA8AAQIAAAAAABXm
CQAIAAwYqobcf2ls0AADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKQvAAgADBiqhtx\/ak1hAAMABjEAAAYADwABAgAAAAAABKMvAAgADBiqhtx\/auPbAAMABjIAAAYADwABAgAAAAAABJkFAAgADBiqhtx\/auwdAAMABjMAAAYADwABAgAAAAAABIaAAAgADBiqhtx\/avZhAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENoAAgADBiqhtx\/ayYTAAMABjEAAAYADwABAgAAAAAAAENqAAgADBiqhtx\/ay+GAAMABjIAAAYADwABAgAAAAAAAEY5AAgADBiqhtx\/azbWAAMABjMAAAYADwABAgAAAAAAAD4lAAgADBiqhtx\/az+lAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqhtx\/a0duAAMABjEAAAYADwABAgAAAAAAAAAxAAgADBiqhtx\/a1DeAAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqhtx\/a4HiAAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABDtoACAAMGKqG3H9rm7MAAwAGMwAABgAPAAECAAAAAAAAbXsACAAMGKqG3H9rwnYAAwAGMAAABQAMc29mdGlycQAABgAPAAECAAAAAAAA6lEACAAMGKqG3H9ryqYAAwAGMQAABgAPAAECAAAAAAAAc00ACAAMGKqG3H9r0hQAAwAGMgAABgAPAAECAAAAAAAAUtAACAAMGKqG3H9rdmgAAwAGMwAABQAJbmljZQAABgAPAAECAAAAAAAAADAACAAMGKqG3H9r2UUABQAMc29mdGlycQAABgAPAAECAAAAAAAAOoIACAAMGKqG3H9rkwMAAwAGMgAABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAADQJQAIAAwYqobcf2vh9wADAAYwAAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3H9sELgAAwAGMgAABgAPAAECAAAAAAAAAAAACAAMGKqG3H9sBvkAAwAGMQAABgAPAAECAAAAAAAAAAAACAAMGKqG3H9sIysAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABGWboACAAMGKqG3H9sa1QAAwAGMgAABgAPAAECAAAAAABJ1ecACAAMGKqG3H9sLP4AAwAGMQAABgAPAAECAAAAAABIA0o="} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655315323990,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1365,"pkt_l4_len":1331,"thread_ts_msec":1655315323990,"pkt":"AAAAAAAAAAAAAAAACABFAAVHirVAAEARrO5\/AAABfwAAAYyUZOIFMwNHAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhtx\/bHQGAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAlpZGxlAAAGAA8AAQIAAAAAAEidkAAIAAwYqobcf2pzkAACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAtjYWNoZWQAAAYADwABAQAAAADquuZBAAUACWZyZWUAAAYADwABAQAAAABg9LtBAAUADmF2YWlsYWJsZQAABgAPAAEBAAAAAGx860EABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADAzpdBAAUADnNsYWJfcmVjbAAABgAPAAEBAAAAACACqUEACAAMGKqG3H9rit0AAgAIY3B1AAADAAYxAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo6sACAAMGKqG3H9qc5AAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQANYnVmZmVyZWQAAAYADwABAQAAAACIY8BBAAUACXVzZWQAAAYADwABAQAAAAASWe1BAAgADBiqhtx\/bBifAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3v9j7tsAAwAGMAAABQAJdXNlcgAABgAPAAECAAAAAAAWnWUACAAMGKqG3v9kGvkAAwAGMwAABgAPAAECAAAAAAAV5owACAAMGKqG3v9kAsUAAwAGMQAABgAPAAECAAAAAAAV5a4ACAAMGKqG3v9kKaIAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASkXAAIAAwYqobe\/2Q\/lAADAAYyAAAGAA8AAQIAAAAAAASZMwAIAAwYqobe\/2QPLwAFAAl1c2VyAAAGAA8AAQIAAAAAABQGygAIAAwYqobe\/2RCiwADAAYzAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABIaoAAgADBiqht7\/ZEc5AAMABjEAAAUACXdhaXQAAAYADwABAgAAAAAAAENuAAgADBiqht7\/ZDoJAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEo1oACAAMGKqG3v9kRJUAAwAGMAAABQAJd2FpdAAABgAPAAECAAAAAAAAQ2sACAAMGKqG3v9kdBkAAwAGMQAABQAJbmljZQAABgAPAAECAAAAAAAAADEACAAMGKqG3v9kTQoAAwAGMAAABgAPAAECAAAAAAAAACYACAAMGKqG3v9kd7IAAwAGMgAABgAPAAECAAAAAAAAACsACAAMGKqG3v9kegkAAwAGMwAABgAPAAECAAAAAAAAADAACAAMGKqG3v9kSxUABQAJd2FpdAAABgAPAAECAAAAAAAAPicACAAMGKqG3v9kjPIAAwAGMgAABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAADQKgAIAAwYqobe\/2SPNAADAAYzAAAGAA8AAQIAAAAAAABtfwAIAAwYqobe\/2R86AADAAYwAAAGAA8AAQIAAAAAAAEO8QA
IAAwYqobe\/2SRKwAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAADqWgAIAAwYqobe\/2R\/CgADAAYxAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKOyAAgADBiqht7\/ZJVyAAMABjIAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAFLTAAgADBiqht7\/ZJMuAAMABjEAAAYADwABAgAAAAAAAHNS"} +02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1655315333991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1371,"pkt_l4_len":1337,"thread_ts_msec":1655315333991,"pkt":"AAAAAAAAAAAAAAAACABFAAVNjPBAAEARqq1\/AAABfwAAAYyUZOIFOQNNAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqht7\/ZJeFAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAAA6hAAIAAwYqobe\/2SylwAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3v9kSVQAAwAGMgAABQAJd2FpdAAABgAPAAECAAAAAAAARkgACAAMGKqG3v9ksAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqht7\/ZMKYAAMABjEAAAUACWlkbGUAAAYADwABAgAAAAAASAZ5AAgADBiqht7\/ZMWkAAMABjIAAAYADwABAgAAAAAASdkKAAgADBiqht7\/ZMhRAAMABjMAAAYADwABAgAAAAAASKDCAAgADBiqht7\/ZKNFAAMABjEAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobe\/2SguQADAAYwAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobe\/2S1gAAFAAlpZGxlAAAGAA8AAQIAAAAAAEZc0AAIAAwYqobe\/2oc5AACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAtontQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAADhkwEEABQAJZnJlZQAABgAPAAEBAAAAAHDUukEABQALY2FjaGVkAAAGAA8AAQEAAAAABq7mQQAFABBzbGFiX3VucmVjbAAABgAPAAEBAAAAAEDQl0EABQAOc2xhYl9yZWNsAAAGAA8AAQEAAAAAQAOpQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAUXOtBAAgADBiqhuF\/ZJVYAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABad0gAIAAwYqobhf2TUUQADAAYxAAAGAA8AAQIAAAAAABXmKwAIAAwYqobhf2W8mgADAAYzAAAGAA8AAQIAAAAAABXnBwAIAAwYqobhf2X1\/wADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKSOAAgADBiqhuF\/ZQ4SAAMABjIAAAUACXVzZXIAAAYADwABAgAAAAAAFAdJAAgADBiqhuF\/Z6HGAAMABjEAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEo4cACAAMGKqG4X9n2XUAAwAGMgAABgAPAAECAAAAAAAEmWAACAAMGKqG4X9ojcQAAwAGMAAABQAJd2FpdAAABgAPAAECAAAAAAAAQ20
ACAAMGKqG4X9oFFcAAwAGMwAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASGyQAIAAwYqobhf2k\/YgADAAYxAAAFAAl3YWl0AAAGAA8AAQIAAAAAAABDbwAIAAwYqobhf2nIHgADAAYyAAAGAA8AAQIAAAAAAABGSgAIAAwYqobhf2p39QADAAYwAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAJgAIAAwYqobhf2qAfQADAAYxAAAGAA8AAQIAAAAAAAAAMQAIAAwYqobhf2qRzgADAAYzAAAGAA8AAQIAAAAAAAAAMAAIAAwYqobhf2qMEQADAAYyAAAGAA8AAQIAAAAAAAAAKwAIAAwYqobhf2rtCAADAAYxAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKO5AAgADBiqhuF\/axE6AAMABjIAAAYADwABAgAAAAAAANAv"} +00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315403990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315433990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1655315313991,"flow_last_seen":1655315503990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":30569,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315503990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1655315313991,"flow_last_seen":1655315683990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":58483,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315683990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655315734133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1376,"pkt_l4_len":1342,"thread_ts_msec":1655315734133,"pkt":"AAAAAAAAAAAAAAAACABFAAVSgypAAEARtG5\/AAABfwAAAY\/gZOIFPgNSAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0MI68hQAAkADAAAAAKAAAAAAAIAC21lbW9yeQAABAALbWVtb3J5AAAFAAtjYWNoZWQAAAYADwABAQAAAADeOudBAAUACWZyZWUAAAYADwABAQAAAAAAgbhBAAUADWJ1ZmZlcmVkAAAGAA8AAQEAAAAAKHzAQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAADEo+tBAAUADnNsYWJfcmVjbAAABgAPAAEBAAAAAEBJqUEABQAJdXNlZAAABgAPAAEBAAAAAPA87UEABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAACA4ZdBAAgADBiqh0WIfqylAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABawWQAIAAwYqodFiH7fdQADAAYxAAAGAA8AAQIAAAAAABX5TAAIAAwYqodFiH8ZSwADAAYyAAAGAA8AAQIAAAAAABQZhwAIAAwYqodFiH+y0wADAAYxAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKntAAgADBiqh0WIf7qeAAMABjIAAAYADwABAgAAAAAABJ\/lAAgADBiqh0WIf9wOAAMABjMAAAYADwABAgAAAAAABI1BAAgADBiqh0WIgAgcAAMABjEAAAUACXdhaXQAAAYADwABAgAAAAAAAEPAAAgADBiqh0WIgBAPAAMABjIAAAYADwABAgAAAAAAAEdRAAgADBiqh0WIf+U8AAMABjAAAAYADwABAgAAAAAAAEPlAAgADBiqh0WIf0BEAAMABjMAAAUACXVzZXIAAAYADwABAgAAAAAAFfl+AAgADBiqh0WIgBZ8AAUACXdhaXQAAAYADwABAgAAAAAAAD55AAgADBiqh0WIgBzpAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqh0WIgEZ6AAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqh0WIgFc\/AAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABD\/MACAAMGKqHRYiAgLMAAwAGMgAABgAPAAECAAAAAAAA0OMACAAMGKqHRYh\/gyQAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASq\/AAIAAwYqodFiICRmAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAADr3gAIAAwYqodFiIBNyQADAAYzAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMAAIAAwYqodFiICZhwADAAYxAAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAAB0EgAIAAwYqodFiICIwAADAAYzAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAG4vAAgADBiqh0WIgMnmAAMABjAAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqodFiIA7sAADAAYxAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMQAIAAwYqodFiIDvvAADAAYyAAAFAApzdGVhbAA
ABgAPAAECAAAAAAAAAAAACAAMGKqHRYiA9t4AAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHRYiAwRUABQAMc29mdGlycQAABgAPAAECAAAAAAAAOukACAAMGKqHRYiAYIQAAwAGMQAABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAACk0AAIAAwYqodFiIDnzgAFAApzdGVhbAAABgAPAAECAAAAAAAAAAA="} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +02203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655315744133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_msec":1655315744133,"pkt":"AAAAAAAAAAAAAAAACABFAAVEhDdAAEARs29\/AAABfwAAAY\/gZOIFMANEAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0WIgKHRAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAABTPAAIAAwYqodFiIOdBwACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAoGDtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAANB8wEEABQALY2FjaGVkAAAGAA8AAQEAAAAAaj7nQQAFAAlmcmVlAAAGAA8AAQEAAAAAQEW3QQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAUgOtBAAUAEHNsYWJfdW5yZWNsAAAGAA8AAQEAAAAAQNqXQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAABgSqlBAAgADBiqh0WIgTDLAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAlpZGxlAAAGAA8AAQIAAAAAAEklFQAIAAwYqodFiIEhWgADAAYxAAAGAA8AAQIAAAAAAEiJggAIAAwYqodFiIEpPwADAAYyAAAGAA8AAQIAAAAAAEpc4AAIAAwYqodFiIEZKAADAAYwAAAGAA8AAQIAAAAAAEbfpQAIAAwYqodICH80ewAFAAl1c2VyAAAGA
A8AAQIAAAAAABaw1AAIAAwYqodICH91uQADAAYxAAAGAA8AAQIAAAAAABX5xwAIAAwYqodICIAQ0QADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKsuAAgADBiqh0gIgFQ+AAMABjIAAAYADwABAgAAAAAABKAUAAgADBiqh0gIgEmkAAMABjEAAAYADwABAgAAAAAABKofAAgADBiqh0gIgF6NAAMABjMAAAYADwABAgAAAAAABI1xAAgADBiqh0gIf+ECAAUACXVzZXIAAAYADwABAgAAAAAAFfn5AAgADBiqh0gIgGnkAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPnAAgADBiqh0gIgMRWAAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0gIgNdDAAMABjMAAAYADwABAgAAAAAAAD58AAgADBiqh0gIgO5RAAMABjIAAAUACW5pY2UAAAYADwABAgAAAAAAAAArAAgADBiqh0gIgOBWAAMABjAAAAYADwABAgAAAAAAAAAmAAgADBiqh0gIgOc0AAMABjEAAAYADwABAgAAAAAAAAAxAAgADBiqh0gIgRLpAAMABjMAAAYADwABAgAAAAAAAAAwAAgADBiqh0gIgSllAAMABjEAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAApNkACAAMGKqHSAiBOJYAAwAGMwAABgAPAAECAAAAAAAAbjQACAAMGKqHSAiBYGMAAwAGMAAABQAMc29mdGlycQAABgAPAAECAAAAAAAA6+YACAAMGKqHSAh\/nGIAAwAGMgAABQAJdXNlcgAABgAPAAECAAAAAAAUGgQACAAMGKqHSAiBZ\/8AAwAGMQAABQAMc29mdGlycQAABgAPAAECAAAAAAAAdBwACAAMGKqHSAiAzz8AAwAGMgAABQAJd2FpdAAABgAPAAECAAAAAAAAR1UACAAMGKqHSAiBe7cAAwAGMwAABQAMc29mdGlycQAABgAPAAECAAAAAAAAOuwACAAMGKqHSAiBhSgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAA"} 
+02212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1655315754132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":1655315754132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY\/gZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACX
dhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-data-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1655315824133} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655315864132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +02293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1655316151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":1655316151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVgAEdXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDM
WkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1655316161464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1421,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1421,"pkt_l4_len":1387,"thread_ts_msec":1655316161464,"pkt":"AAAAAAAAAAAAAAAACABFAAV\/vHhAAAERCyfAqLIj78BKQpqYZOIFa7JLAhAFYwAEdXNlcoHTTu4jDT4spb1CiaNx+5RTDn8Im\/b94mza+2Tq7cMtskMUVXsMv7dZrJRMmMzbyIK4\/km4yyqNNo6Poo9ByCjRVFMTyyPT\/UT2wKYuzh4+P0AJOUuUlATRprrQzSelw1AlOIvvmScBLdJq7WdxmPSnFa+zKFXMmGiPwTbEIhRIPKuq6S\/J\/VyKO3TxoPwnfcaDGc1KsY1GQLAh8sJqmpR0mYJfLV75vjpe4BcGt05Cnd+IWZgAztagytrBIM67+fRSi+NiaoAAQpWqyiuvWgY+CLskTaKtEF8h9wSZvnYkCvPPKR0QSE7G+pK5ES0eFNWa+1eDOmZkEDc1i9Wj7VXdjo5fJEx2\/3IiiB5UNUGTEeK4mBP6SjM7aEQIBDgv6yGncYgbJv8lkxADwb4mixhSUEWeYIubY\/sjGLQuw+fno\/2V+FW3Or9qBqHt+jO2vbYAxL9De0l+X3mnWnnx9LA9D+EoBhRdQDAU8SwAPcO1nZKxtFVQEmYy4Ev5LD0cRTFUaFM\/TT1FIeO5lYZFNMEjbS0KR0At8kgASX4oE7iy0XJ62uujxcsFMzYaO+OeOclbqIYffC2RUQoXHJqger6nAAImbXnsl0Yu4PPBMgM1eSPtDbfOvyzkhWVDpQqFL0LaOIEfpgSggVDv\/dRk429TrRIFmsQNebxtKbgHn4Xilk2CHRzWTnQD8KPkFiM7RqUaeUcryC+E6juG7jhKTS2dMrdCP03tVnzDWmFRMXGxeDwPJof0pZKwYTbHyjtsI3L9tcxhKGsoD783Ic7IKBLSuy7jdJS1fuIal+iS4AA86NKOIbIz0ec024giNvfBZ575HrChKJmkSP9+nn1UgAEiXNDvy+17p0soQ2LGYrQl0sDFFpGPCX2EXfF25UFPEuMufWJFRn3lIoFaiX7jBeJ5U56cCUIYcD694Kx8BdhTqml2kv7AfwspY+rpzfse8SABjZl8CmbZDe5pG\/2\/G4uMvHE6tBlZKUmIs8c79lUh\/pCUYntjfiF+pjszE+pUzy7FY4DPb+vEcK0xgXO5+0tqMWWVfPzZY8scxbejQR\/4RTVAAwFe3Ax5LD\/us75Xy9NPkHrAZmiG8gUerFYEHE\/M9i5uXtZyc2a08fzqQI\/Eao\/ha4UWXeCRPgKFAupttiZJlo5JGqa8vqGgJPEfEyyylaxzkrdOaUFGxae\/cVO6WvuneM3yJBdYJ8msDBdSJFHRYHjw2OQiK9UbaMSIfdvz7Awe7E2DL\/XyeMKXUeNTlmmM5gyC+pdg1dgvm84WqRyGkpSOQCYFN65RDtXyAefYnqxgbi0O6SqvI17JBkSRrDCeLoSL3NEDK3WWVZ2PcO7jpMhUMF56E\/+HC8STbZE7RMrn2q1cgV+GXyL4ibIgw52TOUUs7qd05Gz\/mi9lHH\/cjJwlNio31+o7dkfGyGyrqz7wUjQZLJq3XWe8CW7UizPU3BncynHVyPZq3+200q8BC+YvCmkLGpGrzc0\/+RWrT+5baFlh\/eIx8nfYhIaDYZFe
sVK5X4LKsKg6crpIT1EXpf4GdAV277Djc7GYAc9NdQYCDpZfWmEPzTeHXX4IaFXJkBSvrKgylFjgJ\/YrCXjYVM\/7o19QhFgWiV+dbHO8pjEOtvj8B1GsTi\/BKa2wXNb+8mOW9Dh\/9YmdegyUenEoJ4bzIVQ\/5DFAjYNOMTX7CIWFcQV32FgTHjBJ2gFgj22S7oAUJPSo7Vz\/NPjvKSTYKGiPpAiOVtKpLbeA60g7lfqjHStCz9vEIFJC15nxTsveOnho3UiCyRNSbUJKU1ATcf3IBYMl9FCC1+2GCqtOZW0NY1ovxgU="} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655315734133,"flow_last_seen":1655315868800,"flow_idle_time":200000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1342,"flow_tot_l4_payload_len":22041,"flow_avg_l4_payload_len":1296,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1655316171464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_msec":1655316171464,"pkt":"AAAAAAAAAAAAAAAACABFAAWMwzhAAAERBFrAqLIj78BKQpqYZOIFeLJYAhAFcAAEdXNlcid4w6halbvXS613MX5H51i+nDzaEWkA1VmugP8ABM5xryT\/nH\/vwU2Taojp1kKL2hrGHv0CQBfbLyDZQIw25R5Y7WOAHgQ6IMdV2Q15UvYZZHiZdFDb7AXtZjCHYww\/pZtLpAofcLVJnk+RyLZSqcqADyQ2f46Ho0jVLCz8ioU9SFecatQnEdr43X\/5Al5RG9CIVCm7hvP2jE7HDrP8HsnKwC7MkWWO+h8NZIHYs88z00xAsYnVZJ6iUya5W4VoShVoESpu9tOpgEENAy0y1\/T2ebTBJ8GVq\/9m8TbLNKq9enpKxMosHCvUiEUcsdJF9\/NgXCv425Qb9McHLBVRtkvQ5K5ZuFFub2yn+Muu7vyFIbrl8KnCKB0O0BcJI0E4Ml8gSEuYZi4lHgF64H2JqiFhuQlqEjOR7vcXoE9fITH7IeQHixZ6ByxHOc9cMOLUC1JQmVQqJaSOGLnKxLq9tvIl16Rl\/4TFskTLim1On\/MQ0m0CnBfUvs54FBGtig6jvjePsw5LH5BsN3aQN0ydNYkSxm1BPTHyMbQtIJWT6jw+L0uz1DvQpjzc4RcX7o12T9yXPGTmO7W6BnWLgiIHFmK8TkO5nxY8G89PFe9hR9WrmdFFiLtVQPVJf7ENe6zHG\/2H33iJTJ4WLBh6gAGpUQbmckVksY2eXX7NHoIQFh96dAEzI5Uq7lAAysra8IeGHGeVTOuX0qXUANkBV9MvnXi2Sv1xFNTDS+l+qYURumUgEy9IWQnpwd0YDFPMVMaNE6a4WWC+WR25LgETzjPKh2N4X2C4vH+Sj81sRqfQW4fEJz2SbwyiM4LNTvfzllFIOcETpkT0PNrUJhZ9RkbZcrFuhK5GPnAOOlI93\/6Dy6gL6LHfz0ha2rGej\/yfvsGmiVdtT48gm+maRs\/4BmXetTEhuj1sevyAPjnjkpKPJKIUT26r7UHHLP4ueFCDDP421Dntl\/szsHpYKetXMWMWV6wcodHYjVNSZUoWGtdu7pg06SV69wiC2hi9IfHv8aS2ycQ1KaD3OGcp0uUksh8BkimCFB1hYWbRTUEqzpum0AmXV7qAZtZwDPK+fg8FmayZWTSqSORiCbSXPn3datjeA\/S8P0qOYJvvSK\/Jqnh5OXXe7UJ4+ReS\/Tp5APmi3t2Gf31eqGua0fKEuDgc44bhVUUUGFdftYdcyXnQ0YzAlbdvM3u5hNkJ3Ch+CQaEndN47jNTzhOTvEga6AZ2zgQ4Dyf4GFQPNAw4JGDbYs308hjGafMwkPR8Z9FKuhJ6GoJLzKZV8ys+pcCFLPJbEJHig27gbbKD7ZFre\/nk6mMszf98vHdBDrzqHFjjeEPXz3ejznu8ifYD42gc1YANDtPsgnGU3hA+MSbcLdHUiCGAPF33svO+jzSd6GTY9ejDa2G1BXZw9nTi35b3aYqiH19hqz8yJ7WMPfCBkW4bv9XCKQagsLDMEva9cko3kdccurIqJCjTRDc6SjjtO+4iqLDhC3EKdFmxHpDCfelDkdDcNb1knb4u0aodpInw
+qBRqH6L+FOsszUtJ16pCENKJDAG5yRgdTAF\/YSkTW82VRXU8\/985HVLLLM4Zaq1NMYpaN8OogkG7TxqnhPgIY57Fi9+jhIxuy1V1kkomKSycuZXc9ZEAuNCSDWdCaoLSkFZOVx6OEaSJvmSK02QT9RA8ytnVXVgmOqcsgeg9tJprKYtXmF3nYrOqgdi8PX\/bMaAdxzzgX410QIdeFWu\/81QoVE7NTemALBRfg0W0\/HHCndMie3SK3O5RE5HSjup\/JzXQWL5spu8mQXoIPO\/+8d0nrCpsULdDch57rECCbIrYvNQvEneLQwoMVDV"} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655316151465,"flow_last_seen":1655316182371,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1392,"flow_tot_l4_payload_len":6745,"flow_avg_l4_payload_len":1349,"midstream":0,"thread_ts_msec":1655316182371,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-data-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1655316182371} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 81/81 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 105984 bytes +~~ total detected protocols..: 6 +~~ total active/idle flows...: 9/9 +~~ total timeout flows.......: 3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5879941 bytes +~~ total memory freed........: 5879941 
bytes +~~ total allocations/frees...: 118214/118214 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 464 chars +~~ json string max len.......: 2325 chars +~~ json string avg len.......: 1393 chars diff --git a/test/results/corba.pcap.out b/test/results/corba.pcap.out index 01ffe89ca..7eb06baf9 100644 --- a/test/results/corba.pcap.out +++ b/test/results/corba.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874795 bytes -~~ total memory freed........: 5874795 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 5878182 bytes +~~ total memory freed........: 5878182 bytes +~~ total allocations/frees...: 118140/118140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 675 chars diff --git a/test/results/cpha.pcap.out b/test/results/cpha.pcap.out index f7780cf67..64b217d9f 100644 --- a/test/results/cpha.pcap.out +++ b/test/results/cpha.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 663 chars diff --git a/test/results/dazn.pcapng.out b/test/results/dazn.pcapng.out index 4fa7353b2..f6a69e5f8 100644 --- a/test/results/dazn.pcapng.out +++ b/test/results/dazn.pcapng.out 
@@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874589 bytes -~~ total memory freed........: 5874589 bytes -~~ total allocations/frees...: 118112/118112 +~~ total memory allocated....: 5877976 bytes +~~ total memory freed........: 5877976 bytes +~~ total allocations/frees...: 118136/118136 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1167 chars diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out index 199dc773d..77c874427 100644 --- a/test/results/dcerpc.pcap.out +++ b/test/results/dcerpc.pcap.out @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869509 bytes -~~ total memory freed........: 5869509 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 5872896 bytes +~~ total memory freed........: 5872896 bytes +~~ total allocations/frees...: 118134/118134 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1732 chars diff --git a/test/results/dhcp-fuzz.pcapng.out b/test/results/dhcp-fuzz.pcapng.out index 6a1b49353..e4b4d01af 100644 --- a/test/results/dhcp-fuzz.pcapng.out +++ b/test/results/dhcp-fuzz.pcapng.out 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 857 chars diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out index 23ad0c712..7d07eae71 100644 --- a/test/results/diameter.pcap.out +++ b/test/results/diameter.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866123 bytes -~~ total memory freed........: 5866123 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5869510 bytes +~~ total memory freed........: 5869510 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 938 chars diff --git a/test/results/discord.pcap.out b/test/results/discord.pcap.out index f795e9e2a..99a0dadee 100644 --- a/test/results/discord.pcap.out +++ b/test/results/discord.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871104 bytes -~~ total memory freed........: 5871104 bytes -~~ total allocations/frees...: 118101/118101 +~~ total memory allocated....: 5874491 bytes +~~ total memory freed........: 5874491 bytes +~~ total allocations/frees...: 118125/118125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 448 chars ~~ json string max len.......: 1299 chars 
diff --git a/test/results/dlt_ppp.pcap.out b/test/results/dlt_ppp.pcap.out index ecf7b2db8..c9efdbe86 100644 --- a/test/results/dlt_ppp.pcap.out +++ b/test/results/dlt_ppp.pcap.out @@ -10,9 +10,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 175 chars ~~ json string max len.......: 1932 chars diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out index 927a99c94..70ad62126 100644 --- a/test/results/dnp3.pcap.out +++ b/test/results/dnp3.pcap.out @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5890968 bytes -~~ total memory freed........: 5890968 bytes -~~ total allocations/frees...: 118650/118650 +~~ total memory allocated....: 5894355 bytes +~~ total memory freed........: 5894355 bytes +~~ total allocations/frees...: 118674/118674 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 678 chars diff --git a/test/results/dns-invalid-chars.pcap.out b/test/results/dns-invalid-chars.pcap.out index 3efbff9cc..92a35c91d 100644 --- a/test/results/dns-invalid-chars.pcap.out +++ b/test/results/dns-invalid-chars.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866007 bytes -~~ total memory freed........: 5866007 bytes -~~ total allocations/frees...: 118087/118087 +~~ total memory allocated....: 5869394 bytes +~~ total memory freed........: 5869394 bytes +~~ total allocations/frees...: 118111/118111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 802 chars diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out index 6e488c334..44476a796 100644 --- a/test/results/dns-tunnel-iodine.pcap.out +++ b/test/results/dns-tunnel-iodine.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878535 bytes -~~ total memory freed........: 5878535 bytes -~~ total allocations/frees...: 118519/118519 +~~ total memory allocated....: 5881947 bytes +~~ total memory freed........: 5881947 bytes +~~ total allocations/frees...: 118544/118544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 919 chars diff --git a/test/results/dns_ambiguous_names.pcap.out b/test/results/dns_ambiguous_names.pcap.out index f895bb647..a647fb9f6 100644 --- a/test/results/dns_ambiguous_names.pcap.out +++ b/test/results/dns_ambiguous_names.pcap.out 
@@ -69,9 +69,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875834 bytes -~~ total memory freed........: 5875834 bytes -~~ total allocations/frees...: 118133/118133 +~~ total memory allocated....: 5879221 bytes +~~ total memory freed........: 5879221 bytes +~~ total allocations/frees...: 118157/118157 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 901 chars diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out index 32f381427..d0c1b5043 100644 --- a/test/results/dns_doh.pcap.out +++ b/test/results/dns_doh.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872157 bytes -~~ total memory freed........: 5872157 bytes -~~ total allocations/frees...: 118230/118230 +~~ total memory allocated....: 5875544 bytes +~~ total memory freed........: 5875544 bytes +~~ total allocations/frees...: 118254/118254 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 958 chars diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out index 62a00ba13..e9a722d96 100644 --- a/test/results/dns_dot.pcap.out +++ b/test/results/dns_dot.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872931 bytes -~~ total memory freed........: 5872931 bytes -~~ total allocations/frees...: 118126/118126 +~~ total memory allocated....: 5876318 bytes +~~ total memory freed........: 5876318 bytes +~~ total allocations/frees...: 118150/118150 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1635 chars 
diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out index f777cbbaf..3667d3436 100644 --- a/test/results/dns_exfiltration.pcap.out +++ b/test/results/dns_exfiltration.pcap.out 
@@ -4,9 +4,9 @@ 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1580978146717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1580978146717,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1580978146888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1580978146888,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="} -00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 
+01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1580978147753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1580978147753,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-data-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1580978206707} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 300/300 @@ -16,10 +16,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874729 bytes -~~ total memory freed........: 5874729 bytes -~~ total allocations/frees...: 118386/118386 +~~ total memory allocated....: 5878150 bytes +~~ total memory freed........: 5878150 bytes +~~ total allocations/frees...: 118411/118411 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars -~~ json string max len.......: 993 chars -~~ json string avg len.......: 728 chars +~~ json string max len.......: 1102 chars +~~ json string avg len.......: 779 chars diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out index 7c79c78ee..841532dca 100644 --- a/test/results/dns_fragmented.pcap.out +++ b/test/results/dns_fragmented.pcap.out 
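Review bot: In the first dns_exfiltration.pcap.out hunk, the regenerated `detection-update` and `idle` lines record risk `"27"` ("Risky Domain Name", severity `Medium`) with `"risk_score": {"total":760,"client":580,"server":180}`. The `High`-severity risk `"16"` on the same flow keeps `{"total":250,"client":125,"server":125}`. A lower severity with a score three times higher and an uneven client/server split looks inconsistent. This golden file now pins that value, so a later regression in the score would pass the test unnoticed. The page does not show whether this is a per-risk score or a cumulative flow score serialized under a single risk entry, so confirm it against the bumped libnDPI before accepting the output. If it is intended, add a line to the commit description such as `dns_exfiltration: new flow risk 27, per-risk score is not ordered by severity`, so that consumers thresholding on `risk_score` know not to read it as a severity ranking.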
@@ -154,9 +154,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5888513 bytes -~~ total memory freed........: 5888513 bytes -~~ total allocations/frees...: 118214/118214 +~~ total memory allocated....: 5891900 bytes +~~ total memory freed........: 5891900 bytes +~~ total allocations/frees...: 118238/118238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 214 chars ~~ json string max len.......: 2446 chars diff --git a/test/results/dns_invert_query.pcapng.out b/test/results/dns_invert_query.pcapng.out index 2d063116e..b9a92df6a 100644 --- a/test/results/dns_invert_query.pcapng.out +++ b/test/results/dns_invert_query.pcapng.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866007 bytes -~~ total memory freed........: 5866007 bytes -~~ total allocations/frees...: 118087/118087 +~~ total memory allocated....: 5869394 bytes +~~ total memory freed........: 5869394 bytes +~~ total allocations/frees...: 118111/118111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 781 chars diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out index 69eee9725..593e4b6ca 100644 --- a/test/results/dns_long_domainname.pcap.out +++ b/test/results/dns_long_domainname.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866024 bytes -~~ total memory freed........: 5866024 bytes -~~ total allocations/frees...: 118088/118088 +~~ total memory allocated....: 5869411 bytes +~~ total memory freed........: 5869411 bytes +~~ total allocations/frees...: 118112/118112 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 819 chars diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out index c5b0c4058..5ad6b13cf 100644 --- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1473,9 +1473,9 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6131909 bytes -~~ total memory freed........: 6131909 bytes -~~ total allocations/frees...: 119305/119305 +~~ total memory allocated....: 6135296 bytes +~~ total memory freed........: 6135296 bytes +~~ total allocations/frees...: 119329/119329 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 228 chars ~~ json string max len.......: 2433 chars diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out index b269645b7..c42c399dc 100644 --- a/test/results/dnscrypt-v2-doh.pcap.out +++ b/test/results/dnscrypt-v2-doh.pcap.out 
@@ -249,9 +249,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6063278 bytes -~~ total memory freed........: 6063278 bytes -~~ total allocations/frees...: 118900/118900 +~~ total memory allocated....: 6066665 bytes +~~ total memory freed........: 6066665 bytes +~~ total allocations/frees...: 118924/118924 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 4713 chars diff --git a/test/results/dnscrypt-v2.pcap.out b/test/results/dnscrypt-v2.pcap.out index e7fc7be75..62e869187 100644 --- a/test/results/dnscrypt-v2.pcap.out +++ b/test/results/dnscrypt-v2.pcap.out @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868187 bytes -~~ total memory freed........: 5868187 bytes -~~ total allocations/frees...: 118097/118097 +~~ total memory allocated....: 5871574 bytes +~~ total memory freed........: 5871574 bytes +~~ total allocations/frees...: 118121/118121 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1924 chars diff --git a/test/results/dnscrypt_skype_false_positive.pcapng.out b/test/results/dnscrypt_skype_false_positive.pcapng.out index d3f3445d0..40d74d792 100644 --- a/test/results/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/dnscrypt_skype_false_positive.pcapng.out 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866123 bytes -~~ total memory freed........: 5866123 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5869510 bytes +~~ total memory freed........: 5869510 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 487 chars ~~ json string max len.......: 1159 chars diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out index be852375d..199b91c38 100644 --- a/test/results/doq.pcapng.out +++ b/test/results/doq.pcapng.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877695 bytes -~~ total memory freed........: 5877695 bytes -~~ total allocations/frees...: 118129/118129 +~~ total memory allocated....: 5881082 bytes +~~ total memory freed........: 5881082 bytes +~~ total allocations/frees...: 118153/118153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2144 chars diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out index 642b03930..5dd144f24 100644 --- a/test/results/doq_adguard.pcapng.out +++ b/test/results/doq_adguard.pcapng.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5884603 bytes -~~ total memory freed........: 5884603 bytes -~~ total allocations/frees...: 118402/118402 +~~ total memory allocated....: 5887990 bytes +~~ total memory freed........: 5887990 bytes +~~ total allocations/frees...: 118426/118426 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2120 chars diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out index 2aeeff3a1..e972d47c1 100644 --- a/test/results/dos_win98_smb_netbeui.pcap.out +++ b/test/results/dos_win98_smb_netbeui.pcap.out @@ -347,9 +347,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870843 bytes -~~ total memory freed........: 5870843 bytes -~~ total allocations/frees...: 118156/118156 +~~ total memory allocated....: 5874230 bytes +~~ total memory freed........: 5874230 bytes +~~ total allocations/frees...: 118180/118180 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars ~~ json string max len.......: 1903 chars diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out index f84a4e1c8..38a4be53a 100644 --- a/test/results/drda_db2.pcap.out +++ b/test/results/drda_db2.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869099 bytes -~~ total memory freed........: 5869099 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 5872486 bytes +~~ total memory freed........: 5872486 bytes +~~ total allocations/frees...: 118148/118148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 692 chars diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out index 94a0f0099..b331ce3b4 100644 --- a/test/results/dropbox.pcap.out +++ b/test/results/dropbox.pcap.out @@ -109,9 +109,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5904989 bytes -~~ total memory freed........: 5904989 bytes -~~ total allocations/frees...: 118975/118975 +~~ total memory allocated....: 5908376 bytes +~~ total memory freed........: 5908376 bytes +~~ total allocations/frees...: 118999/118999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 830 chars diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out index fbe73bd1d..439ce8907 100644 --- a/test/results/dtls.pcap.out +++ b/test/results/dtls.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866015 bytes -~~ total memory freed........: 5866015 bytes -~~ total allocations/frees...: 118088/118088 +~~ total memory allocated....: 5869402 bytes +~~ total memory freed........: 5869402 bytes +~~ total allocations/frees...: 118112/118112 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1053 chars 
diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out index 299b747f0..6dcf117b1 100644 --- a/test/results/dtls2.pcap.out +++ b/test/results/dtls2.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866887 bytes -~~ total memory freed........: 5866887 bytes -~~ total allocations/frees...: 118119/118119 +~~ total memory allocated....: 5870274 bytes +~~ total memory freed........: 5870274 bytes +~~ total allocations/frees...: 118143/118143 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1348 chars diff --git a/test/results/dtls_certificate.pcapng.out b/test/results/dtls_certificate.pcapng.out index 84a26cad0..761fa2492 100644 --- a/test/results/dtls_certificate.pcapng.out +++ b/test/results/dtls_certificate.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874407 bytes -~~ total memory freed........: 5874407 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5877794 bytes +~~ total memory freed........: 5877794 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 474 chars ~~ json string max len.......: 2405 chars diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out index 8ed142547..e55e16c66 100644 --- a/test/results/dtls_certificate_fragments.pcap.out +++ b/test/results/dtls_certificate_fragments.pcap.out 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866553 bytes -~~ total memory freed........: 5866553 bytes -~~ total allocations/frees...: 118107/118107 +~~ total memory allocated....: 5869940 bytes +~~ total memory freed........: 5869940 bytes +~~ total allocations/frees...: 118131/118131 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 482 chars ~~ json string max len.......: 1244 chars diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out index c59a462c7..bbd340646 100644 --- a/test/results/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/dtls_session_id_and_coockie_both.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866073 bytes -~~ total memory freed........: 5866073 bytes -~~ total allocations/frees...: 118090/118090 +~~ total memory allocated....: 5869460 bytes +~~ total memory freed........: 5869460 bytes +~~ total allocations/frees...: 118114/118114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 488 chars ~~ json string max len.......: 1139 chars diff --git a/test/results/emotet.pcap.out b/test/results/emotet.pcap.out index b50f9cd9d..7e49f4fd9 100644 --- a/test/results/emotet.pcap.out +++ b/test/results/emotet.pcap.out 
@@ -53,9 +53,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5946999 bytes -~~ total memory freed........: 5946999 bytes -~~ total allocations/frees...: 120502/120502 +~~ total memory allocated....: 5950386 bytes +~~ total memory freed........: 5950386 bytes +~~ total allocations/frees...: 120526/120526 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 1473 chars diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out index 1e68e4136..a36555efa 100644 --- a/test/results/encrypted_sni.pcap.out +++ b/test/results/encrypted_sni.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876125 bytes -~~ total memory freed........: 5876125 bytes -~~ total allocations/frees...: 118106/118106 +~~ total memory allocated....: 5879512 bytes +~~ total memory freed........: 5879512 bytes +~~ total allocations/frees...: 118130/118130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1431 chars diff --git a/test/results/esp.pcapng.out b/test/results/esp.pcapng.out index 7e76be922..b9d43e4ba 100644 --- a/test/results/esp.pcapng.out +++ b/test/results/esp.pcapng.out 
@@ -2,27 +2,27 @@ 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587340723655} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587340723655,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587340723655,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587340723662,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587340723662,"pkt":"qrvMAAIQqrvMAAMQCABFwAGCALsAAP4RnuUKAwQECgIDAgH0AfQBbq1OBawPTRIgE\/RfRu5wvExdDSEgIiAAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAeXKfqwaHkiVcMu+s4hPX5cnikVUBSUWhEvjp8uoOs40Tz5cGWTSvQJV6y1mRBbxFiQyb2IMgnjb1iZi0xKtA\/z0+EIGKekMJYxfmbb\/4xwAcTsSdkiXWBGpDjFPvtwoFKwAAJFV3ojUiOZ96AboWM1NGpIwiUnFn+cWbLdwgiG0miL+8KwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABM9z9pZZgKD+9ZzdamlEsYrKkUeFAAAAHAAAQAW1v1HiklqGfJbwATvaTOUm2F82pg=="} 00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587340723670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1587340723670,"pkt":"qrvMAAMQqrvMAAIQCABFwAF0AOAAAP8Rnc4KAgMCCgMEBAH0AfQBYJxOBawPTRIgE\/RfRu5wvExdDS4gIwgAAAABAAABWCsAATwo9kmU8gXj0EedKmJNK+VWGrNk6m7d+9Hkki0QPpJ2UQ5K8xYpTzRz1oZI364ZkaSAYAohIEiUwnprO5bmbmb9qIM0+fTiZw1DojFlouyNg03a\/0kz6o8jRJv4PqCaYhITIh\/4NKPCOB9tcYohRiSgu\/5zHv5JvWQ3XksC8IcgVNMiE\/5aFElRFljlmMpjAGXZkK5XnvWJkamx2rhcvcJAij70Uj\/oD\/j\/w0o\/c6VbgHLqoRwpcPmMvxRAwmOQ9oz2xcYWrhIQBi3xWUKWjmz+pxNn90bdNL3SDkdsODmIIBQap7G54zol1jJWQerYPntwLshRMgA0rGIBYYU+04lQqf81IAAxPlDlMj5Hwsr6MJ2wlEyY2dKouxpx9+iHwUGg8fELtW5lR77T\/2mt7GtUUmU2DqAv\/QQ="} 
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587340725658,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587340725658,"pkt":"qrvMAAMQqrvMAAIQCABFAACYACQAAP8yoAUKAgMCCgMEBCNgsOMAAAABectfgWUl04YUbzWcC+4xd1UOV3SUluMVSc1O+uGKzjlWG3KV9r0S61l07FAMCtvDlpgFzU5YdVATZgur7sMbrkC7o3l\/upPdN3M20ENHGJg7SyVgEI8QrdTAVpl1VXAu7t+SCLVFZwaCQYUWnFFZvKSDZFqF6SACpTMBZA=="} -00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPsec","breed":"Safe","category":"VPN"}} 
+00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587340725659,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587340725659,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="} -00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"flow_avg_l4_payload_len":339,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} 
-00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"flow_avg_l4_payload_len":339,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587340725658,"flow_last_seen":1587340725659,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPsec","breed":"Safe","category":"VPN"}} -00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1620,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587340725659} 
+00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"flow_avg_l4_payload_len":339,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587340725658,"flow_last_seen":1587340725659,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587340725659} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 
1620 bytes -~~ total detected protocols..: 1 +~~ total detected protocols..: 2 ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867155 bytes -~~ total memory freed........: 5867155 bytes -~~ total allocations/frees...: 118094/118094 +~~ total memory allocated....: 5870542 bytes +~~ total memory freed........: 5870542 bytes +~~ total allocations/frees...: 118118/118118 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 923 chars diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out index bd3334c06..1ca6703cc 100644 --- a/test/results/ethereum.pcap.out +++ b/test/results/ethereum.pcap.out @@ -438,9 +438,9 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6007493 bytes -~~ total memory freed........: 6007493 bytes -~~ total allocations/frees...: 120306/120306 +~~ total memory allocated....: 6010880 bytes +~~ total memory freed........: 6010880 bytes +~~ total allocations/frees...: 120330/120330 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1985 chars diff --git a/test/results/ethernetIP.pcap.out b/test/results/ethernetIP.pcap.out index 14b5b1e69..6a23bd7c2 100644 --- a/test/results/ethernetIP.pcap.out +++ b/test/results/ethernetIP.pcap.out 
@@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871945 bytes -~~ total memory freed........: 5871945 bytes -~~ total allocations/frees...: 118194/118194 +~~ total memory allocated....: 5875332 bytes +~~ total memory freed........: 5875332 bytes +~~ total allocations/frees...: 118218/118218 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 2075 chars diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out index 14c2f9a1b..ce93a1ed5 100644 --- a/test/results/exe_download.pcap.out +++ b/test/results/exe_download.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5886503 bytes -~~ total memory freed........: 5886503 bytes -~~ total allocations/frees...: 118794/118794 +~~ total memory allocated....: 5889890 bytes +~~ total memory freed........: 5889890 bytes +~~ total allocations/frees...: 118818/118818 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1179 chars diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out index 8255eae7c..b14d9bb47 100644 --- a/test/results/exe_download_as_png.pcap.out +++ b/test/results/exe_download_as_png.pcap.out 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881533 bytes -~~ total memory freed........: 5881533 bytes -~~ total allocations/frees...: 118624/118624 +~~ total memory allocated....: 5884920 bytes +~~ total memory freed........: 5884920 bytes +~~ total allocations/frees...: 118648/118648 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1042 chars diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out index 71ddeab7a..116414f89 100644 --- a/test/results/facebook.pcap.out +++ b/test/results/facebook.pcap.out @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880042 bytes -~~ total memory freed........: 5880042 bytes -~~ total allocations/frees...: 118169/118169 +~~ total memory allocated....: 5883429 bytes +~~ total memory freed........: 5883429 bytes +~~ total allocations/frees...: 118193/118193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 1368 chars diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out index 3014a9bca..3812efa33 100644 --- a/test/results/firefox.pcap.out +++ b/test/results/firefox.pcap.out @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6041354 bytes -~~ total memory freed........: 6041354 bytes -~~ total allocations/frees...: 123559/123559 +~~ total memory allocated....: 6044741 bytes +~~ total memory freed........: 6044741 bytes +~~ total allocations/frees...: 123583/123583 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 921 chars 
diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out index 8b5455fd7..e67a8a9a6 100644 --- a/test/results/fix.pcap.out +++ b/test/results/fix.pcap.out @@ -81,9 +81,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5938446 bytes -~~ total memory freed........: 5938446 bytes -~~ total allocations/frees...: 119391/119391 +~~ total memory allocated....: 5941833 bytes +~~ total memory freed........: 5941833 bytes +~~ total allocations/frees...: 119415/119415 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 676 chars diff --git a/test/results/fix2.pcap.out b/test/results/fix2.pcap.out index 87dff2f5c..e58028ae8 100644 --- a/test/results/fix2.pcap.out +++ b/test/results/fix2.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5959411 bytes -~~ total memory freed........: 5959411 bytes -~~ total allocations/frees...: 121136/121136 +~~ total memory allocated....: 5962798 bytes +~~ total memory freed........: 5962798 bytes +~~ total allocations/frees...: 121160/121160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 672 chars diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out index e3a55d94e..d51a854a9 100644 --- a/test/results/forticlient.pcap.out +++ b/test/results/forticlient.pcap.out 
@@ -49,9 +49,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5959190 bytes -~~ total memory freed........: 5959190 bytes -~~ total allocations/frees...: 120125/120125 +~~ total memory allocated....: 5962577 bytes +~~ total memory freed........: 5962577 bytes +~~ total allocations/frees...: 120149/120149 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1471 chars diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out index 65b74b31b..ad4d51d88 100644 --- a/test/results/ftp-start-tls.pcap.out +++ b/test/results/ftp-start-tls.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869476 bytes -~~ total memory freed........: 5869476 bytes -~~ total allocations/frees...: 118137/118137 +~~ total memory allocated....: 5872863 bytes +~~ total memory freed........: 5872863 bytes +~~ total allocations/frees...: 118161/118161 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 821 chars diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out index 4d1e7def0..c4565c66b 100644 --- a/test/results/ftp.pcap.out +++ b/test/results/ftp.pcap.out 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5908744 bytes -~~ total memory freed........: 5908744 bytes -~~ total allocations/frees...: 119287/119287 +~~ total memory allocated....: 5912131 bytes +~~ total memory freed........: 5912131 bytes +~~ total allocations/frees...: 119311/119311 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 826 chars diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out index cdd389ab9..5bc09df3b 100644 --- a/test/results/ftp_failed.pcap.out +++ b/test/results/ftp_failed.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868538 bytes -~~ total memory freed........: 5868538 bytes -~~ total allocations/frees...: 118105/118105 +~~ total memory allocated....: 5871925 bytes +~~ total memory freed........: 5871925 bytes +~~ total allocations/frees...: 118129/118129 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 837 chars diff --git a/test/results/fuzz-2006-06-26-2594.pcap.out b/test/results/fuzz-2006-06-26-2594.pcap.out index 90345b521..86a88b701 100644 --- a/test/results/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/fuzz-2006-06-26-2594.pcap.out 
@@ -1444,9 +1444,9 @@ ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6178434 bytes -~~ total memory freed........: 6178434 bytes -~~ total allocations/frees...: 119483/119483 +~~ total memory allocated....: 6181821 bytes +~~ total memory freed........: 6181821 bytes +~~ total allocations/frees...: 119507/119507 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars ~~ json string max len.......: 1897 chars diff --git a/test/results/fuzz-2006-09-29-28586.pcap.out b/test/results/fuzz-2006-09-29-28586.pcap.out index 20655b744..d50032db5 100644 --- a/test/results/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/fuzz-2006-09-29-28586.pcap.out @@ -206,9 +206,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5921558 bytes -~~ total memory freed........: 5921558 bytes -~~ total allocations/frees...: 118348/118348 +~~ total memory allocated....: 5924945 bytes +~~ total memory freed........: 5924945 bytes +~~ total allocations/frees...: 118372/118372 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars ~~ json string max len.......: 2426 chars diff --git a/test/results/fuzz-2020-02-16-11740.pcap.out b/test/results/fuzz-2020-02-16-11740.pcap.out index 5536ff673..05c4c299c 100644 --- a/test/results/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/fuzz-2020-02-16-11740.pcap.out 
@@ -488,9 +488,9 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5955174 bytes -~~ total memory freed........: 5955174 bytes -~~ total allocations/frees...: 118620/118620 +~~ total memory allocated....: 5958561 bytes +~~ total memory freed........: 5958561 bytes +~~ total allocations/frees...: 118644/118644 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars ~~ json string max len.......: 1566 chars diff --git a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out index c286cc90a..fcef519df 100644 --- a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 229 chars ~~ json string max len.......: 574 chars diff --git a/test/results/fuzz-2021-10-13.pcap.out b/test/results/fuzz-2021-10-13.pcap.out index df0de0802..e4822c162 100644 --- a/test/results/fuzz-2021-10-13.pcap.out +++ b/test/results/fuzz-2021-10-13.pcap.out 
@@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 208 chars ~~ json string max len.......: 558 chars diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out index d1c739622..df5a8bdb4 100644 --- a/test/results/genshin-impact.pcap.out +++ b/test/results/genshin-impact.pcap.out 
@@ -18,21 +18,42 @@ 00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1618759616511,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1618759616511,"pkt":"YDjgxTWgeJS0JASgCABFAAAwBJVAADYRLowI0UW\/wKgCZFZVzV8AHCclAAABRQAC8VwSg\/gZSZYC0hRRRUU="} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1618759616572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1618759616572,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
-00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":45,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1618759618761} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1650541441246} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650541441246,"flow_last_seen":1650541441246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650541441246,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1650541441246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1650541441246,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hmVAAD8GAmXAqAJkMTO+spuOAFDYKxQrAAAAAKAC\/\/\/VsQAAAgQFtAQCCAoNnimHAAAAAAEDAwk="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1650541441413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650541441413,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GmdIxM76ywKgCZABQm44lLXPY2CsULIAScUgpvgAAAgQFhgEBBAIBAwMC"} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1650541441416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1650541441416,"pkt":"eJS0JASgYDjgxTWgCABFAAAohmZAAD8GAnjAqAJkMTO+spuOAFDYKxQsJS1z2VAQAKza+QAA"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650541441246,"flow_last_seen":1650541441416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1650541441416,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1650541441932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1650813582412} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650813582412,"flow_last_seen":1650813582412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650813582412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1650813582412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1650813582412,"pkt":"eJS0JASgYDjgxTWgCABFAAA8XGBAAD8GNXTAqAJkMTO1qJsGAFBg5zJJAAAAAKAC\/\/\/zjAAAAgQFtAQCCAo+Nj3MAAAAAAEDAwk="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1650813582583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650813582583,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZABQmwaucKQhYOcySoAScUjS6QAAAgQFhgEBBAIBAwMC"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1650813582587,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1650813582587,"pkt":"eJS0JASgYDjgxTWgCABFAAAoXGFAAD8GNYfAqAJkMTO1qJsGAFBg5zJKrnCkIlAQAKyEJQAA"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650813582412,"flow_last_seen":1650813582588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1650813582588,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1650541441246,"flow_last_seen":1650541441932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1414,"flow_tot_l4_payload_len":1975,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1650813583121,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1655043605088} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655043605088,"flow_last_seen":1655043605088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655043605088,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655043605088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655043605088,"pkt":"eJS0JASgYDjgxTWgCABFAAA8y9BAAD8GxgPAqAJkMTO1qLC+Jxyp+mQnAAAAAKAC\/\/\/OLAAAAgQFtAQCCArRkRhbAAAAAAEDAwk="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655043605260,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655043605260,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZCccsL7ZMHkgqfpkKIAScUgbtQAAAgQFhgEBBAIBAwMC"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655043605263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655043605263,"pkt":"eJS0JASgYDjgxTWgCABFAAAoy9FAAD8GxhbAqAJkMTO1qLC+Jxyp+mQo2TB5IVAQAKzM8AAA"} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655043605088,"flow_last_seen":1655043605265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1655043605265,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655043605088,"flow_last_seen":1655043606011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":1022,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1655043606011,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1650813582412,"flow_last_seen":1650813583121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1414,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1655043606011,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1655043606011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 45/45 +~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 8942 bytes -~~ total detected protocols..: 3 -~~ total active/idle flows...: 3/3 +~~ total layer4 data length..: 13947 bytes +~~ total detected protocols..: 6 +~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869318 bytes -~~ total memory freed........: 5869318 bytes -~~ total allocations/frees...: 118136/118136 +~~ total memory allocated....: 5883250 bytes +~~ total memory freed........: 5883250 bytes +~~ total allocations/frees...: 118217/118217 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 470 chars +~~ json string min len.......: 461 chars ~~ json string max len.......: 829 chars -~~ json string avg len.......: 648 chars +~~ json string avg len.......: 645 chars diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out index 58c47eb90..852dade74 100644 --- a/test/results/git.pcap.out +++ b/test/results/git.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868559 bytes -~~ total memory freed........: 5868559 bytes -~~ total allocations/frees...: 118175/118175 +~~ total memory allocated....: 5871946 bytes +~~ total memory freed........: 5871946 bytes +~~ total allocations/frees...: 118199/118199 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 683 chars diff --git a/test/results/gnutella.pcap.out b/test/results/gnutella.pcap.out index dfeaf1929..0234354b0 100644 --- a/test/results/gnutella.pcap.out +++ b/test/results/gnutella.pcap.out @@ -4265,9 +4265,9 @@ ~~ total active/idle flows...: 801/801 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7020160 bytes -~~ total memory freed........: 7020160 bytes -~~ total allocations/frees...: 128079/128079 +~~ total memory allocated....: 7023547 bytes +~~ total memory freed........: 7023547 bytes +~~ total allocations/frees...: 128103/128103 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 179 chars ~~ json string max len.......: 1916 chars diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out index b84ea33ef..964770c54 100644 --- a/test/results/google_ssl.pcap.out +++ b/test/results/google_ssl.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868809 bytes -~~ total memory freed........: 5868809 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 5872196 bytes +~~ total memory freed........: 5872196 bytes +~~ total allocations/frees...: 118138/118138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 662 chars diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out index 85737648c..2b2c166d0 100644 --- a/test/results/googledns_android10.pcap.out +++ b/test/results/googledns_android10.pcap.out @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5914513 bytes -~~ total memory freed........: 5914513 bytes -~~ total allocations/frees...: 118704/118704 +~~ total memory allocated....: 5917900 bytes +~~ total memory freed........: 5917900 bytes +~~ total allocations/frees...: 118728/118728 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1424 chars diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out index 88fa6647a..09c91245d 100644 --- a/test/results/gquic.pcap.out +++ b/test/results/gquic.pcap.out 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876349 bytes -~~ total memory freed........: 5876349 bytes -~~ total allocations/frees...: 118106/118106 +~~ total memory allocated....: 5879736 bytes +~~ total memory freed........: 5879736 bytes +~~ total allocations/frees...: 118130/118130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2272 chars diff --git a/test/results/gre_no_options.pcapng.out b/test/results/gre_no_options.pcapng.out index 9e653f668..2800560c8 100644 --- a/test/results/gre_no_options.pcapng.out +++ b/test/results/gre_no_options.pcapng.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866007 bytes -~~ total memory freed........: 5866007 bytes -~~ total allocations/frees...: 118087/118087 +~~ total memory allocated....: 5869394 bytes +~~ total memory freed........: 5869394 bytes +~~ total allocations/frees...: 118111/118111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 653 chars diff --git a/test/results/gtp_c.pcap.out b/test/results/gtp_c.pcap.out index eb20b72ae..2643890b2 100644 --- a/test/results/gtp_c.pcap.out +++ b/test/results/gtp_c.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866065 bytes -~~ total memory freed........: 5866065 bytes -~~ total allocations/frees...: 118089/118089 +~~ total memory allocated....: 5869452 bytes +~~ total memory freed........: 5869452 bytes +~~ total allocations/frees...: 118113/118113 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 773 chars diff --git a/test/results/gtp_false_positive.pcapng.out b/test/results/gtp_false_positive.pcapng.out index 9b505bada..4b19f9046 100644 --- a/test/results/gtp_false_positive.pcapng.out +++ b/test/results/gtp_false_positive.pcapng.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868216 bytes -~~ total memory freed........: 5868216 bytes -~~ total allocations/frees...: 118098/118098 +~~ total memory allocated....: 5871603 bytes +~~ total memory freed........: 5871603 bytes +~~ total allocations/frees...: 118122/118122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 891 chars diff --git a/test/results/gtp_prime.pcapng.out b/test/results/gtp_prime.pcapng.out index 778fed182..b7c3cb07b 100644 --- a/test/results/gtp_prime.pcapng.out +++ b/test/results/gtp_prime.pcapng.out 
@@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 193 chars ~~ json string max len.......: 672 chars diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out index e64b985d8..f1e84cd39 100644 --- a/test/results/h323-overflow.pcap.out +++ b/test/results/h323-overflow.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868026 bytes -~~ total memory freed........: 5868026 bytes -~~ total allocations/frees...: 118087/118087 +~~ total memory allocated....: 5871413 bytes +~~ total memory freed........: 5871413 bytes +~~ total allocations/frees...: 118111/118111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 654 chars diff --git a/test/results/h323.pcap.out b/test/results/h323.pcap.out index c7c4333e1..eb5e09675 100644 --- a/test/results/h323.pcap.out +++ b/test/results/h323.pcap.out 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869377 bytes -~~ total memory freed........: 5869377 bytes -~~ total allocations/frees...: 118101/118101 +~~ total memory allocated....: 5872764 bytes +~~ total memory freed........: 5872764 bytes +~~ total allocations/frees...: 118125/118125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 676 chars diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out index 4f7ba4029..9328de496 100644 --- a/test/results/hangout.pcap.out +++ b/test/results/hangout.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874708 bytes -~~ total memory freed........: 5874708 bytes -~~ total allocations/frees...: 118106/118106 +~~ total memory allocated....: 5878095 bytes +~~ total memory freed........: 5878095 bytes +~~ total allocations/frees...: 118130/118130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 836 chars diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out index d2f86b017..fa46066ca 100644 --- a/test/results/hpvirtgrp.pcap.out +++ b/test/results/hpvirtgrp.pcap.out 
@@ -70,9 +70,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5896552 bytes -~~ total memory freed........: 5896552 bytes -~~ total allocations/frees...: 118253/118253 +~~ total memory allocated....: 5899939 bytes +~~ total memory freed........: 5899939 bytes +~~ total allocations/frees...: 118277/118277 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 696 chars diff --git a/test/results/hsrp0.pcap.out b/test/results/hsrp0.pcap.out index 47871e3a8..645baab5b 100644 --- a/test/results/hsrp0.pcap.out +++ b/test/results/hsrp0.pcap.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869161 bytes -~~ total memory freed........: 5869161 bytes -~~ total allocations/frees...: 118098/118098 +~~ total memory allocated....: 5872548 bytes +~~ total memory freed........: 5872548 bytes +~~ total allocations/frees...: 118122/118122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 676 chars diff --git a/test/results/hsrp2.pcap.out b/test/results/hsrp2.pcap.out index 68f677a89..1f2322fd7 100644 --- a/test/results/hsrp2.pcap.out +++ b/test/results/hsrp2.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867039 bytes -~~ total memory freed........: 5867039 bytes -~~ total allocations/frees...: 118090/118090 +~~ total memory allocated....: 5870426 bytes +~~ total memory freed........: 5870426 bytes +~~ total allocations/frees...: 118114/118114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 678 chars 
diff --git a/test/results/hsrp2_ipv6.pcapng.out b/test/results/hsrp2_ipv6.pcapng.out index 0598307df..31f256736 100644 --- a/test/results/hsrp2_ipv6.pcapng.out +++ b/test/results/hsrp2_ipv6.pcapng.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868025 bytes -~~ total memory freed........: 5868025 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 5871412 bytes +~~ total memory freed........: 5871412 bytes +~~ total allocations/frees...: 118148/118148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 811 chars diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out index 8c6f18359..a3948d72b 100644 --- a/test/results/http-crash-content-disposition.pcap.out +++ b/test/results/http-crash-content-disposition.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866318 bytes -~~ total memory freed........: 5866318 bytes -~~ total allocations/frees...: 118098/118098 +~~ total memory allocated....: 5869705 bytes +~~ total memory freed........: 5869705 bytes +~~ total allocations/frees...: 118122/118122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 844 chars diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out index 5efa77e23..02abbc46c 100644 --- a/test/results/http-lines-split.pcap.out +++ b/test/results/http-lines-split.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866385 bytes -~~ total memory freed........: 5866385 bytes -~~ total allocations/frees...: 118101/118101 +~~ total memory allocated....: 5869772 bytes +~~ total memory freed........: 5869772 bytes +~~ total allocations/frees...: 118125/118125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 878 chars diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out index 613916649..e6a5c53bb 100644 --- a/test/results/http-manipulated.pcap.out +++ b/test/results/http-manipulated.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876714 bytes -~~ total memory freed........: 5876714 bytes -~~ total allocations/frees...: 118425/118425 +~~ total memory allocated....: 5880101 bytes +~~ total memory freed........: 5880101 bytes +~~ total allocations/frees...: 118449/118449 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 984 chars diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out index 8bcfa13d5..40cdb0e2b 100644 --- a/test/results/http_auth.pcap.out +++ b/test/results/http_auth.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867144 bytes -~~ total memory freed........: 5867144 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 5870531 bytes +~~ total memory freed........: 5870531 bytes +~~ total allocations/frees...: 118148/118148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 885 chars diff --git a/test/results/http_connect.pcap.out b/test/results/http_connect.pcap.out index a3737b1e6..15ad21f18 100644 --- a/test/results/http_connect.pcap.out +++ b/test/results/http_connect.pcap.out @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873108 bytes -~~ total memory freed........: 5873108 bytes -~~ total allocations/frees...: 118197/118197 +~~ total memory allocated....: 5876495 bytes +~~ total memory freed........: 5876495 bytes +~~ total allocations/frees...: 118221/118221 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 924 chars diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out index 17b51bbf9..0c0adcfea 100644 --- a/test/results/http_ipv6.pcap.out +++ b/test/results/http_ipv6.pcap.out 
@@ -104,9 +104,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5956415 bytes -~~ total memory freed........: 5956415 bytes -~~ total allocations/frees...: 118390/118390 +~~ total memory allocated....: 5959802 bytes +~~ total memory freed........: 5959802 bytes +~~ total allocations/frees...: 118414/118414 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2310 chars diff --git a/test/results/iax.pcap.out b/test/results/iax.pcap.out index b23460064..e6636af48 100644 --- a/test/results/iax.pcap.out +++ b/test/results/iax.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867399 bytes -~~ total memory freed........: 5867399 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 5870786 bytes +~~ total memory freed........: 5870786 bytes +~~ total allocations/frees...: 118159/118159 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 448 chars ~~ json string max len.......: 679 chars diff --git a/test/results/icmp-tunnel.pcap.out b/test/results/icmp-tunnel.pcap.out index 3ea3f9cfa..277bbaa76 100644 --- a/test/results/icmp-tunnel.pcap.out +++ b/test/results/icmp-tunnel.pcap.out @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5890976 bytes -~~ total memory freed........: 5890976 bytes -~~ total allocations/frees...: 118948/118948 +~~ total memory allocated....: 5894363 bytes +~~ total memory freed........: 5894363 bytes +~~ total allocations/frees...: 118972/118972 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 791 chars 
diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out index 291b60b44..ee0704fb1 100644 --- a/test/results/iec60780-5-104.pcap.out +++ b/test/results/iec60780-5-104.pcap.out @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875372 bytes -~~ total memory freed........: 5875372 bytes -~~ total allocations/frees...: 118247/118247 +~~ total memory allocated....: 5878759 bytes +~~ total memory freed........: 5878759 bytes +~~ total allocations/frees...: 118271/118271 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 698 chars diff --git a/test/results/imap-starttls.pcap.out b/test/results/imap-starttls.pcap.out index 5c449bce5..3fd0bee7b 100644 --- a/test/results/imap-starttls.pcap.out +++ b/test/results/imap-starttls.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868946 bytes -~~ total memory freed........: 5868946 bytes -~~ total allocations/frees...: 118119/118119 +~~ total memory allocated....: 5872333 bytes +~~ total memory freed........: 5872333 bytes +~~ total allocations/frees...: 118143/118143 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 820 chars diff --git a/test/results/imap.pcap.out b/test/results/imap.pcap.out index 84ab59d13..ff5458c43 100644 --- a/test/results/imap.pcap.out +++ b/test/results/imap.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868974 bytes -~~ total memory freed........: 5868974 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 5872361 bytes +~~ total memory freed........: 5872361 bytes +~~ total allocations/frees...: 118144/118144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 792 chars diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out index 007155a27..3caf9bdd5 100644 --- a/test/results/imaps.pcap.out +++ b/test/results/imaps.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871448 bytes -~~ total memory freed........: 5871448 bytes -~~ total allocations/frees...: 118111/118111 +~~ total memory allocated....: 5874835 bytes +~~ total memory freed........: 5874835 bytes +~~ total allocations/frees...: 118135/118135 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1217 chars diff --git a/test/results/imo.pcap.out b/test/results/imo.pcap.out index 0eaa2c379..0af80b7b4 100644 --- a/test/results/imo.pcap.out +++ b/test/results/imo.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869881 bytes -~~ total memory freed........: 5869881 bytes -~~ total allocations/frees...: 118188/118188 +~~ total memory allocated....: 5873268 bytes +~~ total memory freed........: 5873268 bytes +~~ total allocations/frees...: 118212/118212 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 436 chars ~~ json string max len.......: 882 chars 
diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out index a5f8c25e0..e4063eed1 100644 --- a/test/results/instagram.pcap.out +++ b/test/results/instagram.pcap.out @@ -248,9 +248,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6566228 bytes -~~ total memory freed........: 6566228 bytes -~~ total allocations/frees...: 121778/121778 +~~ total memory allocated....: 6569615 bytes +~~ total memory freed........: 6569615 bytes +~~ total allocations/frees...: 121802/121802 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out index 876d3c58c..ff85f626a 100644 --- a/test/results/ip_fragmented_garbage.pcap.out +++ b/test/results/ip_fragmented_garbage.pcap.out @@ -18221,9 +18221,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5895686 bytes -~~ total memory freed........: 5895686 bytes -~~ total allocations/frees...: 118198/118198 +~~ total memory allocated....: 5899073 bytes +~~ total memory freed........: 5899073 bytes +~~ total allocations/frees...: 118222/118222 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 222 chars ~~ json string max len.......: 609 chars diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out index 7650fb64c..d2e7cb754 100644 --- a/test/results/iphone.pcap.out +++ b/test/results/iphone.pcap.out 
@@ -321,9 +321,9 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6189937 bytes -~~ total memory freed........: 6189937 bytes -~~ total allocations/frees...: 118968/118968 +~~ total memory allocated....: 6193324 bytes +~~ total memory freed........: 6193324 bytes +~~ total allocations/frees...: 118992/118992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars ~~ json string max len.......: 3629 chars diff --git a/test/results/ipp.pcap.out b/test/results/ipp.pcap.out index cd26211c1..bd3f54797 100644 --- a/test/results/ipp.pcap.out +++ b/test/results/ipp.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876253 bytes -~~ total memory freed........: 5876253 bytes -~~ total allocations/frees...: 118380/118380 +~~ total memory allocated....: 5879640 bytes +~~ total memory freed........: 5879640 bytes +~~ total allocations/frees...: 118404/118404 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/ipsec_isakmp_esp.pcap.out b/test/results/ipsec_isakmp_esp.pcap.out new file mode 100644 index 000000000..189e4270c --- /dev/null +++ b/test/results/ipsec_isakmp_esp.pcap.out 
@@ -0,0 +1,256 @@ +00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946744635161} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744635161,"flow_last_seen":946744635161,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946744635161,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946744635161,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946744635161,"pkt":"eJS0JASgYDjgxTWgCABFAANMRLRAAD8RBzLAqAJkbe27wTikEZQDOKGBAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAQAAAywjAAMQxP+M24ss5zxVviUOnYt8V91Yfad7H5TKYI1AzQJmVQ1775vqK4lAOGdGsvlvOkX2Namze+gxnoVLyUAsp8SwHxJQwtql3LAOZXSDDfTnjzJHUODCqYiBpOt6uikxP095kw8q3tMwzSSPxcuj7XnW6PzRBCGEtG5neD4sVk+l1JkUVcikyt4uOcC\/FA8QvmxhLpkegjtMpjAsxLE3vpMBtiZj+zT0jhYqc9k6vSPwaeAn85HWGyImbG4DzrmeTU5UQgHG42GPzTrJc4WLmObte9S00AsQVQ9A9LBK7HPddpmzlyoydy05a7OrcGa87mSenEZtlJg6Srp22ovHxgUAaNXH5mPObtMfqQ\/ZO07eMESAHqJ0a5Gd6IHROQKUZIGLAHdP0GpNPOgz2hcQhC5MCG8SlPoyqs7YHAhIq7dkn82ncfrQg5LG4rFBalatIKS6za3YCBaUd6HgjP76noPl8Do6aqlBwL8fyDSwzzm05t4rCUJTqDfHbdLklbf0nPbCgstxAP6c4hbiTTjn\/qk7utZRt9YQcbWpqDJcanmCdmb1nL0mJbhqNJKT0laV1UV3x3fjRglRQgmAhhs2hUSJo0d4NihfES7R2EorTgVqgQI4yo5XdLXhVuIgKP4Ku8zRjlfJmEVoLMy3a7RLdjn6RWIc0T1R9cczYK8i8MjgqoZquR76DAlISwr878UZk6Dw9jKHBkUClj00siMfCWOzBAbTMxpNKDHfy5dB\/OC4DjkU8Jx5Ww4kZ1bGo0YToz8QCnkfhb905KjwaC0BtYJKhTYqKepBpdMk1ABAYnlGAgpGml\/BnBm2gK1KR+5V00l\/SciWQJHFxEldf+2DOoJtw884NKtF1vFW7EhPfWqLyLXCFeo6LZks4jdktwG9EUQtt4BLPuvVyXAU3LtPeLt60tAwN\/SuEqqQh6CheihsGUzntaWNdK9vF\/rZwhofpjFdB6Jch8YOvyjSwYpP+j6pyZmT7Nw0n6FlxB2xOH4XiWJP3RrVBIW46wWavhUPTR1GC0LhX7Jubx5eaacA"} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744635161,"flow_last_seen":946744635161,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946744635161,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946744635283,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946744635283,"pkt":"YDjgxTWgeJS0JASgCABFAADsdK0AAPcRYZht7bvBwKgCZBGUOKQA2OumAAAAALZO8yExpIlShrq9OQSIaVUuICMgAAAAAQAAAMwkAACwawmreKZrDBcIUTKWFfToFDg6qtDsyKKjgBXTNi4vJaEzwbhJuG171IwN4X7FupdGnYt8Co6xmRVm+RkdtKZ0NJmqeR\/qj\/G34eopZIcEsqB7nVGS9NkMVNQcB92DOLKkbkTpEypbftjCf9PGdG4jAg2e7K5fG1yC3G1wHKmrKsTWscrC+5r6aMrQIgOr0unE2oUc0o+Ct9Zb0Dqhj+nQky39U42OTCpKJsuUJg=="} +00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946744635838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946744635838,"pkt":"eJS0JASgYDjgxTWgCABFAACMRLVAAD8RCfHAqAJkbe27wTikEZQAeEVsAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAgAAAGwwAABQsvg7Xs9r\/Ox3tq4oeDG2fCdsQnjxZd10Tk3TjbPgn+1YkpKifKhrE04HnKNVi6NO3zCXbR\/3wORB+UprbFsUQK+XhsAwdIy8g2ma9g=="} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744638499,"flow_last_seen":946744638499,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946744638499,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946744638499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946744638499,"pkt":"eJS0JASgYDjgxTWgCABFAAMkRKpAAD8RB2TAqAJkbe27wSkEAfQDEDTUtk7zITGkiVIAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAAzeEi7yBuz4Jc\/1lTuVX20pSg0wd78lahgWmI7UPYwEqg9jMZjDlZCMEiLmQFe0Un1oHlqRMr5bur0YWYOFmXhIDmbpuDdYYTe2FZk4UyxO9yQYqnlxava5Eb30fMpgELAKsnrnWauPFmg\/ND483cWUra4SbFJUPC2aT60GVqXpKQAAJFaYhWAzRgXwwxmmNCLSkHZjhcYvCGnbRY7q28H
VKg1gKQAAHAAAQAQLrJ6w\/lRWK0YeWEq0E9E8QsTPBwAAABwAAEAFSiYt1ZZ+5yll6Yhny4WW51p\/IS8="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744638499,"flow_last_seen":946744638499,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946744638499,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946744638499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946744638499,"pkt":"YDjgxTWgeJS0JASgCABFAABQc3cAAPcRY2pt7bvBwKgCZAH0KQQAPCbetk7zITGkiVIAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVc59hOnD3cUhMt6aqPw=="} 
+01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946744638499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946744638499,"pkt":"eJS0JASgYDjgxTWgCABFAAM8RLJAAD8RB0TAqAJkbe27wSkEAfQDKPqCtk7zITGkiVIAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFVc59hOnD3cUhMt6aqPyIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAAzeEi7yBuz4Jc\/1lTuVX20pSg0wd78lahgWmI7UPYwEqg9jMZjDlZCMEiLmQFe0Un1oHlqRMr5bur0YWYOFmXhIDmbpuDdYYTe2FZk4UyxO9yQYqnlxava5Eb30fMpgELAKsnrnWauPFmg\/ND483cWUra4SbFJUPC2aT60GVqXpKQAAJFaYhWAzRgXwwxmmNCLSkHZjhcYvCGnbRY7q28HVKg1gKQAAHAAAQAQLrJ6w\/lRWK0YeWEq0E9E8QsTPBwAAABwAAEAFSiYt1ZZ+5yll6Yhny4WW51p\/IS8="} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":946745300340} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946744635161,"flow_last_seen":946745301909,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":14900,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":946745301909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946744638499,"flow_last_seen":946745300411,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946745301909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":946744635161,"flow_last_seen":946745725650,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":21828,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":946745725650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946744638499,"flow_last_seen":946745723263,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946745725650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-data-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":946747247312} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946744638499,"flow_last_seen":946745723263,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946747248846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":946744635161,"flow_last_seen":946747248846,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":28756,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":946747248846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946747261671,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946747261671,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946747261671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946747261671,"pkt":"eJS0JASgYDjgxTWgCABFAAMkuaJAAD8RkmvAqAJkbe27wSkEAfQDEGD5AZBhkeKlmwMAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAKGAsvWV\/zQVhq\/hJoHH8AYniN6FeuyxSfw+6v8+TZ2aV\/eQHTAekhsMir30WM6CEekhg45zfVRaj2FmD+ZfPc1J0g35pRKSQvofRlbM3fuT1WnKIqplL2fu\/HlxFtKVp0xPS4zMaJRLqRwULa\/enCJCqs7IYnzlZiNo5oI9oqCWKQAAJEKv5LxLPIWbWhlAntaMNIE8OrosW7s+IoP+1aOYvC6+KQAAHAAAQATRkAuMyksdt7ZyyotQyUgkqphqOAAAABwAAEAFZ+MQmn3luQjk\/YoBsAfZs8bK1B0="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946747261671,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946747261671,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946747261671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946747261671,"pkt":"YDjgxTWgeJS0JASgCABFAABQldUAAPcRQQxt7bvBwKgCZAH0KQQAPJQuAZBhkeKlmwMAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVeqG9ayGKhGr+lsf4kQ=="} 
+01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946747261671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946747261671,"pkt":"eJS0JASgYDjgxTWgCABFAAM8uatAAD8RkkrAqAJkbe27wSkEAfQDKBBcAZBhkeKlmwMAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFVeqG9ayGKhGr+lsf4kSIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAKGAsvWV\/zQVhq\/hJoHH8AYniN6FeuyxSfw+6v8+TZ2aV\/eQHTAekhsMir30WM6CEekhg45zfVRaj2FmD+ZfPc1J0g35pRKSQvofRlbM3fuT1WnKIqplL2fu\/HlxFtKVp0xPS4zMaJRLqRwULa\/enCJCqs7IYnzlZiNo5oI9oqCWKQAAJEKv5LxLPIWbWhlAntaMNIE8OrosW7s+IoP+1aOYvC6+KQAAHAAAQATRkAuMyksdt7ZyyotQyUgkqphqOAAAABwAAEAFZ+MQmn3luQjk\/YoBsAfZs8bK1B0="} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-data-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":946748116878} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946744635161,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":28836,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946748116945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946747261671,"flow_last_seen":946748116945,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748116945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748252067,"flow_last_seen":946748252067,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748252067,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946748252067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946748252067,"pkt":"eJS0JASgYDjgxTWgCABFAANM6MpAAD8RYxnAqAJkbe27wzikEZQDOGeNAAAAANpOZUhee9vE4X9PRQEMKCsuICMIAAAAAQAAAywjAAMQsrXOsXYVW8iUlhIsUUvNjT\/voEQADww3FHRxo8Lh5XNDoNVmKGRxbykmB5j0XNFwzenOaAt3l01KgqVKbH5pkgNGhL7kplclqCyVu6i53noegjTJbis6int7lQLn21Xx9LRt5aPR38ts9B8PPBqP++xoTYB4p4zfDP022YuzS4P63bUv2ohk\/FItQHlJd0Fmu2NMTXpmgfgwx4cLEl2wojdOCV9i0OGHpCw+g39I2Tiea7iSlyCWe8tnIMVZovYpbDCgJDGw43rcluIrMbLLRtdUmdAGwzF3yMawpmK0gXt\/+zRMdKGnaBljPhx4\/\/ZvLQVEIeQAeSjocKro9zfFcz3zsKie0+tHpaDnsjH9jBk8ZPhRpRUxFqg8AQFXkkp7gRLmdQwmEhIzLpb1I1lIuvpvaO5UWMXQA7k8uQB\/mkiLG+YqXVkyN1Y0enHvmE\/A71PHs6bfiumAy42wqIXH2yvRiN3Ks0csnwHy1vrl2jjKACowTHaIWJijf7VdNvRI4ulE6Rm3KExWQEqvAivfqYx4SHovkfbyIsoNZxKN\/Fnw25ppLQ0NJsQjLYD3KcCXjM5zU1RpgZGH8fGvzodxvxDgr\/qn7IUY8kHt0ngSJDt7zq39MsFzb9ZFGDypbck+w8ML4t6RzybBt1l80+4+hBv+ZV3WqpCsLoUSW8W1IkDUtws6QQJDRV+SasL7QzLKX3UcoHTKTKfMqjMzlT\/JPKpVJFVzW3onn+XNdJ3TsN0KninOkmVi3pknAkieQCxfSzpcjbQuu3J9heIKLmuC7uQo1YPeFI\/7NP27zjElKu5qfQTekYBHfz5ucSpV2JfWki1rk2DeNVR\/k4a6BvNV+0Ihgin44j726m6Y3Jwr2bTP6ELhU3ruAU\/5su6dVhX
jbQoOfojwjd0Ghb9P7CH6lJXh1wiy84wpC64Fw6mo5xAummAzZpoxIJQ2RJ\/8V0E8yMC6+tFlFq4bOyDlFJeMjPRwsKEE5h\/iwf2GPQ2prxGGfJgfQHtCEw6s52vUUiT7N4X3wlnFUNkta55O"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748252067,"flow_last_seen":946748252067,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748252067,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946748252223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946748252223,"pkt":"YDjgxTWgeJS0JASgCABFAADsll0AAPcRP+Zt7bvDwKgCZBGUOKQA2ApBAAAAANpOZUhee9vE4X9PRQEMKCsuICMgAAAAAQAAAMwkAACwwtTY3LpsT\/qwmvDisdfuxNK9yYrpebO+rMZ5gosLrRPfV7l+EmjCwenOXlPnAJuTroZt2GWmHMwPx6R5Wj70Qr9DZKVTSqPq6YqJS5sGXfmFN\/1jExW+fCr7RKpVks1R0rYUvIXhcUMq0ZUYx\/gcQzqKd1Y5K58gnestiIbcfozWvwAaS\/ZalYwjttsUIr8A6e7tdKFyD5BgINSk\/rB0eTyeYdm7\/lsSjZrFmw=="} 
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946748252781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946748252781,"pkt":"eJS0JASgYDjgxTWgCABFAACM6UxAAD8RZVfAqAJkbe27wzikEZQAeNdkAAAAANpOZUhee9vE4X9PRQEMKCsuICMIAAAAAgAAAGwwAABQbRlMTHkBUjUiFIJs0wUF7LPLrRl4iHhgYt7SBLhXlxpp\/nE4VODX3ETKtazVaSDnsVwjWda2BE7eb0FjKUfCaTvVEmiG7yYu+Hga6A=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946748266345,"pkt":"eJS0JASgYDjgxTWgCABFAANMYHpAAD8R62vAqAJkbe27wTikEZQDOLCfAAAAAP914hnvOUFtU+t6DQP4cgkuICMIAAAAAQAAAywjAAMQJG6kBzuSbgmtHm3DmL2y\/nYa\/nQiHQr5ien9M4jGctznhQLh65BLJSOLQ1\/OoPd1hL8iWIXKH6OJRvz0lkxteLxEV4slgt\/iCr81DNXSos3Vxq3mBiUra3nmmCi+9ftz4RS3DQOfeyPbrgqPq0nKy0fupVsKJ7Zxz7gFDJisD4Zcguyx2F0uGpkxEjzEZRAMnVm+iKOQNnv88Qhcsr8zj1\/SiHbHUbDEIsI1cdidANE5eorr8On\/dRHr19qai9eAN80h\/tejzikg8CsBp\/WxAroxOc5xtdJoITbwuV5cwAnWXc89gupef8s2ynw8sCxDHSmBTElq0MdpJEEWrBWZMFFt+QW5iTsF7lc1mTr2KlVatW\/frNLWT9TBxJyVROT\/qlIvRoCO28Ifm+a4NKxL2oF+cBaN1oJUIF2+NgyZGJBBzt1xNvANeS6fhmkzrterXpxuFxPXt9t4iBznp0ucpzCaXMVtomPODVrpNrBZcFISOjEcgBnHU\/f\/1qy8q\/Ygr9o86z1558Bta6Ws5mzP5vEe6fS4CXWAKUd0fycJnrqwdCur7F6A25xKjkD9VdbCoYOOfJ3svCNmQ249FAOF9sVu85qHYK7VRJunX9bja\/s9Oqb1dkTDuJeR7NWVrF\/6MKIlcjB8xbefJAKk2U\/6YfBr1iqqLzlvn1JM2qaRtwWeAO7iNi8CwbTnhKU0Dkv8lZ3+t+odHhY8JE0GOT\/XrB2P60m\/b5r60qDOgSL83oxI3pnwb\/th9Y\/ZBeQOT7RRqa5xsS\/7LRf54dHEKHvyYFxB1gidL+iEiBYnmKXKiJ93OcckD3zm1T2veg+eSK5jBviAPJilRAu\/9WSrqVLfCh41n+hz5dLo6RVdNMhRh0EaKuniXpcsmIC6OML\/YM3L+cTys\/1ehMTZJ5H7W4D6aDlC48W5lD6y8F+FbS1WvOYVXYyONGexnP1DJD6sMvWK5Q52bNW1EriIYf6I81yfVkjESiMA5ZA+Eq4pQUgDA5GXT7KTHfVx8STidRTLi\/eORWO4h6b0v5dA8dkn"} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946748266345,"pkt":"YDjgxTWgeJS0JASgCABFAADsWI4AAPcRfbdt7bvBwKgCZBGUOKQA2HH\/AAAAAP914hnvOUFtU+t6DQP4cgkuICMgAAAAAQAAAMwkAACwfOu85cuZCUbVuq5wm542UXnESUHvBRNjBca38ma3hqliZsy+G\/\/n62MBVQNpBmYJoZnF09Qmr1Z9AMg5tlsZQg+4xCpY4ssYThUAi8+wYicxcx11cAacOuAlsFrAIcFYRZV3T7KvT4B6PT3kvl+mZX8NHattCE7zkX+uEGW41fimmWlx+QR1iVB7GlSVyjJxXMb2eHWzkhBMoZHUk6vSm+Uwhf0kF6eDJ160Jg=="} +00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946748266345,"pkt":"eJS0JASgYDjgxTWgCABFAACMYKRAAD8R7gHAqAJkbe27wTikEZQAeHXnAAAAAP914hnvOUFtU+t6DQP4cgkuICMIAAAAAgAAAGwwAABQsyybA\/pO5Y0NejAqULLQtpl3j4jbOqkLYKooS0R9AlfONoTAuJ23Z4\/\/Qg3tTx3Q2UzJE2YfJf0QtP9cSb3bPqnZCPECcDF2jFD5Kg=="} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946748266345,"pkt":"eJS0JASgYDjgxTWgCABFAAMk6LJAAD8RY1nAqAJkbe27wykEAfQDELOl2k5lSF5728QAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEWBsQ9kaLxzTkrabWSYqvv46zeeAB2r4t6eafrhND2UHjPer+76pSUiMJgZNfJbyU7Kq1544uJ9m882aGdmjcnapva+LG8b1xvmdrWPkwyhcAet3Kuf79u6LZBnTMWiJqA2z2dlH3ExsLwUYVzB\/9O+guLX64aMD4yr43miIqE+KQAAJNbeYndsxpRteQJq7FlIdurWEhJnYXNbqT1WPC
1KmuqpKQAAHAAAQARb6C2wDaopl+DFj+XmAlY4N5j6CwAAABwAAEAFAoYE8OQWRt3BYjiQBZCwYMlfBHc="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946748266345,"pkt":"YDjgxTWgeJS0JASgCABFAABQlSsAAPcRQbRt7bvDwKgCZAH0KQQAPKW92k5lSF5728QAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAB8LnJU3X9N35FnuMbYiA=="} 
+01512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946748266345,"pkt":"eJS0JASgYDjgxTWgCABFAAM86MBAAD8RYzPAqAJkbe27wykEAfQDKA2m2k5lSF5728QAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAB8LnJU3X9N35FnuMbYiCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEWBsQ9kaLxzTkrabWSYqvv46zeeAB2r4t6eafrhND2UHjPer+76pSUiMJgZNfJbyU7Kq1544uJ9m882aGdmjcnapva+LG8b1xvmdrWPkwyhcAet3Kuf79u6LZBnTMWiJqA2z2dlH3ExsLwUYVzB\/9O+guLX64aMD4yr43miIqE+KQAAJNbeYndsxpRteQJq7FlIdurWEhJnYXNbqT1WPC1KmuqpKQAAHAAAQARb6C2wDaopl+DFj+XmAlY4N5j6CwAAABwAAEAFAoYE8OQWRt3BYjiQBZCwYMlfBHc="} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946747261671,"flow_last_seen":946748116945,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748298684,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":126,"total-skipped-flows":0,"total-l4-data-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":6,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":946748870137} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946748252067,"flow_last_seen":946748871542,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13776,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946748266345,"flow_last_seen":946748870202,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-data-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":8,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":946749778334} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778334,"flow_last_seen":946749778334,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946749778334,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946749778334,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946749778334,"pkt":"eJS0JASgYDjgxTWgCABFAAMk5zNAAD8RZNnAqAJkbe27wikEAfQDEPyMUUmluBAEMEQAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEoKTmI3ubu6ZxWhplC\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpj
WKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778334,"flow_last_seen":946749778334,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946749778334,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946749778364,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946749778364,"pkt":"YDjgxTWgeJS0JASgCABFAABQyUgAAPcRDZht7bvCwKgCZAH0KQQAPBQcUUmluBAEMEQAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVgBk+LvIcxJJoE2awhA=="} 
+01517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946749778371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946749778371,"pkt":"eJS0JASgYDjgxTWgCABFAAM85zdAAD8RZL3AqAJkbe27wikEAfQDKIJdUUmluBAEMEQAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFVgBk+LvIcxJJoE2awhCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEoKTmI3ubu6ZxWhplC\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} 
+00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778420,"flow_last_seen":946749778420,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946749778420,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946749778420,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946749778420,"pkt":"eJS0JASgYDjgxTWgCABFAANM5zxAAD8RZKjAqAJkbe27wjikEZQDOErMAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAQAAAywjAAMQbA4QxmfNSp+fyUaP2skcxjhRyRA+Hy+nulOzx4seP\/VJbGCawiDcrcQc5QWGL3j\/WGmj93yDBSuy1WL7euil8k+L7Lh7IAx\/NEbTgeGj3cL+spCq6ZMgNKlhRmf6z4mQrPD29ZnJmLkBEmRQeomp2qPvmDIKkRMTrB2BfjuJ3YLSygMFLctsI7ggXNYV1Po\/4vPk4vVzDgwRrFqrW7KYrJLiAVN1hDJPr7Gy9kuPluJ8z8o2PofHRbWuScAYE0E+eb21tLzdgXQ3tKXX\/vpC+hFitQfjlOh5t9vsoEgIWNuITZ3lvptM6HOoSsn5dQw+XRBKZuJT7XF1A11+UL3jVX5RITf88G+Q7dv+tP6+TWskvGxDjrTTGXNofiTWyJ0w+3Fdae7fW2ijy34\/AL0iJMLvN1YPXO3N8vN5fGYPpypBTKw4V7xWeo3oBe0ejub4fmsULl2SoNBKg9VDPByKUUYEn50TQzW4BY7Z\/PTxzIQcPmN6aDEGl2ZTA47xO9I\/J4Zg4T43ce7SbxXpZ7f4uRctE9VnCWLMpGoVX9J+gc3pnlcwRtYfvwllyRptZ87skVsrIIvJBqDaL1f+oFz66PltKumOsgL0CivcQ6iqILl0OFgquRDBleUUEodHghaanDd7OmwElgTX2VD7RHoHmm5WDDXo2Tu35iL9ktdUtRy3n9bBpXgD1gXs8xWnOBYEH4muaXHxllxzh3KU+j1o1hssWvMNqfk3+UtFJIb0\/HFa7TC0KgAqPRF8BpMATPvlSferLmQOkCNvtSvw4LYOAPrld3EUDVStRHUbViInYZC1CTA15NkdRyFHZ1Vwqg\/6HJvl5DH8X0N95iuoDd+x3ONBHtR1y6njUd86stH8E\/t9P6ZXKzKVKC8e9b9G+9d
CCwrRz4bWQMpH3mV9fTxYCVHXsaZR0xVSrKXIE6kZ\/XrBFCnbPiPXQkJKO4Nwn9bhYgongIZBMSUV9SDtmsnwsaLjW6NEYKhlmP3XJ287IRxrZ+3XDb9CCTOVdttWvgGvN5pdRZKp9jpIxrWW"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778420,"flow_last_seen":946749778420,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946749778420,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946749778561,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946749778561,"pkt":"YDjgxTWgeJS0JASgCABFAADsydYAAPcRDG5t7bvCwKgCZBGUOKQA2H8VAAAAAFFJpbgQBDBELFuvwAKAaBsuICMgAAAAAQAAAMwkAACw2vKDsI4WvCewQgUoU\/SKrFqCVUiKj1KKiDUx8Cqi9Zwcr5gbr2Mtoeu970bnlX31FD4v\/q7xpGL7dx9OD7xJZhwuc1Igl\/opndPG7\/EbMmU7b4lg00bORCDWSEUicP2p712CNcs8OyaUthH\/WyYO+D2i8bAigrbPmFCDIkhLbGRlEsDsQxrZRbqYVnxjaH3eSWftv0T1TsSVO3fOcXcaUJcQtsMqEfqp4CNimw=="} 
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946749779105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946749779105,"pkt":"eJS0JASgYDjgxTWgCABFAACM501AAD8RZ1fAqAJkbe27wjikEZQAeG1BAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAgAAAGwwAABQGw+MmDcuV24HZanpawl3j\/i3cSl527taeiNa1LQV32lRXZkxAYiyvhFGbUNbtCFv+dhSQ2oZjW\/ai6sYO041xroOv3SvSK1vPWSgpA=="} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946748252067,"flow_last_seen":946748884718,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13856,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946749779886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946748266345,"flow_last_seen":946748870202,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946749779886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-data-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":8,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_msec":946750800427} +00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946749778420,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":946750802633,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946749778334,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946750802633,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":188,"packets-processed":187,"total-skipped-flows":0,"total-l4-data-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":946752053636} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053636,"flow_last_seen":946752053636,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752053636,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946752053636,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946752053636,"pkt":"eJS0JASgYDjgxTWgCABFAAMkWWVAAD8R8ojAqAJkbe274SkEAfQDENTXeUX3Y1A5a1kAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALThkEvRFh99w4WJc3PWJxtg4Z5V\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053636,"flow_last_seen":946752053636,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752053636,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946752053657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946752053657,"pkt":"YDjgxTWgeJS0JASgCABFAABQOHkAAPcRnkht7bvhwKgCZAH0KQQAPOJkeUX3Y1A5a1kAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE0tZBdGn8MHoQ9Q8GZvw=="} 
+01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946752053676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946752053676,"pkt":"eJS0JASgYDjgxTWgCABFAAM8WW9AAD8R8mbAqAJkbe274SkEAfQDKB4CeUX3Y1A5a1kAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAE0tZBdGn8MHoQ9Q8GZvyIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALThkEvRFh99w4WJc3PWJxtg4Z5V\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053740,"flow_last_seen":946752053740,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752053740,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946752053740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946752053740,"pkt":"eJS0JASgYDjgxTWgCABFAANMWXVAAD8R8lDAqAJkbe274TikEZQDOP4KAAAAAHlF92NQOWtZRVafIANU3ed\/ICMIAAAAAQAAAywjAAMQBR\/ZJ+3X4QcdMIisXdIsU3PhwmQh1kDFx7t6\/5ZlEuSALchlMYdKNbjiP8V7XG+VkbLRJCUkt8VxzgXkbFm0XsCoZkirqFU42hH5vsNJ8atCWBsd6Czcordw7Uj1SnFPEgr9gbj8i35Q1CZjzvPpOg2XDfTj1F8Qa2ARCJGgVHZvqP1dsh1WdQDacuVxFhIR4I+JjElx\/TMSBe7XFScWmAHiyJZSR\/sug\/9l+YQ6TuHMRfMyw3KI2RT8fG+dSAP0zafR9gLQtvvjBDzYY8iKmgi7bpirCVDBD+NLJOgYQPiaGccGg43WpShhzPaY9pQwjHUv0HhPXCiIwMiS1+WDH7aKM3GJWA+QGuo6B6RhGHpiNw0\/QhMLIZssGIumxah6sniQHHyxgczJ9Xpmc9SfxoDLs71VV7DTxSj4fXQ+P3Smlay8zndK9wSEVZaDoi0x59qZOkw4MisQa\/rd0PzZ13W4DYUfc65s+3SvwSd71wWNuPF1aT6QCOgVvz0pByFSSmtoYZPXYAUypnLWpoMf\/cAZvYUtnIBaKKOpXT2Wp\/THfyvQqR9mETUY35K8\/Vul2tXwO5Das\/wKyGAsnT0j5r\/ONfK4DgoV3TQDZSER7cGwpZouqrKNneh1Yrmj8+S213d0PH8sYjZnsCspvkEKJJqU6AWTIsNOAPenF2nyLcYHITE3VXYgMt\/73R88gw\/r8iNV3wi1xnTMMbihS+I1uGhtfa7i8iGxo1WtdHjzi+uaNejNmNuKGecVIIvbgZlAtgQpZTx\/SKEyYVNnCsb+ikwOsPCilLDHACCjyogntRNIwYKpEYFr+e+\/+c8LK3xW+JXYp397K3+8CyAXrfLDr86qSPz0RnN1qca+S5OojUUkz9PSOota5KY
qGrM1KJeHU5WRdFAdeqNEjUcNydZHmuf2De1ON7eXeW3RrZ6EhSMo5oNKkQFRku4BP0G0FHVUFpY\/2QZ19IbwpXjpC1raZF3g\/EOPHq48CB+DMuJ15M+r\/F2tqhqHcYi8H2Vf42h8gHHpqTmNFaPgpt0\/"} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053740,"flow_last_seen":946752053740,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752053740,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946752053856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946752053856,"pkt":"YDjgxTWgeJS0JASgCABFAADsOPIAAPcRnTNt7bvhwKgCZBGUOKQA2GSxAAAAAHlF92NQOWtZRVafIANU3ecuICMgAAAAAQAAAMwkAACwbCnQO0t8tiDbRI0Dx49OEdau4d\/WY4nre6ns6n3vAP909JuZ1MJBTo0cUkWOpcHHZSiemknv+kvvcs0Xa4fyeaoZ0\/\/TyH\/qVQorUwn5KKKhNef10qbGA8IojK5T4Q9tL6LdR5DoRQd5VxvHqhklCeGrMX+Xi\/tVgDc6u4AVew+xxWga6nIJW2nxk4XW411m7qykRZck9XPKemD9+TvNlS3b9braHWj2dkZaUQ=="} 
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946752054423,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946752054423,"pkt":"eJS0JASgYDjgxTWgCABFAACMWZNAAD8R9PLAqAJkbe274TikEZQAeO2UAAAAAHlF92NQOWtZRVafIANU3ecuICMIAAAAAgAAAGwwAABQJ30Fv5jPlEo6jF9WI+\/EQw5N3QovViNGDc2rMu6lmbrgZceFAAmNip6IhkJ08NB0auxPyCkplcHXICvksAjBFss5XRkKhPp+oCuvyg=="} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946749778420,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":946752055364,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946749778334,"flow_last_seen":946750900970,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946752055364,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614840,"flow_last_seen":946752614840,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752614840,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946752614840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946752614840,"pkt":"eJS0JASgYDjgxTWgCABFAAMkYgZAAD8R6kXAqAJkbe27gykEAfQDEBL5k4UY8WP9qlcAAAAAAAAAACEgIv8AAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEg3gVs0kfsAz\/oojyv8ckOUCC9t8U9Hs8TtFSpV4V4SadeUcjl1I6R0pqQZVaDsd9TMRSFPTs\/X3XBjLj0JUR+BRdCNpv5E0zCgTJb2152j9dZb2m6ovXFIp8oTUmXYrUNXHwK3xhWMtYAlhxUiaFpdLrhis3Tnpx5vqzW\/KwvDKQAAJOo+EM5r8NdoQKu1SZOr+dnCbtz\/h3c8W
r57Ju9JT5d7KQAAHAAAQASuZzovIprPIHqf1SfYquzmSO1wuwAAABwAAEAFB2gO4vR+1eCom3VMh7fIBdvef9w="} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614840,"flow_last_seen":946752614840,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752614840,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946752614864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946752614864,"pkt":"YDjgxTWgeJS0JASgCABFAABQ3r8AAPcR+F9t7buDwKgCZAH0KQQAPOaMk4UY8WP9qlcAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAAAAPa+lnAaTgFc15s6oA=="} 
+01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946752614874,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946752614874,"pkt":"eJS0JASgYDjgxTWgCABFAAM8YghAAD8R6ivAqAJkbe27gykEAfQDKO58k4UY8WP9qlcAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAAAAPa+lnAaTgFc15s6oCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEg3gVs0kfsAz\/oojyv8ckOUCC9t8U9Hs8TtFSpV4V4SadeUcjl1I6R0pqQZVaDsd9TMRSFPTs\/X3XBjLj0JUR+BRdCNpv5E0zCgTJb2152j9dZb2m6ovXFIp8oTUmXYrUNXHwK3xhWMtYAlhxUiaFpdLrhis3Tnpx5vqzW\/KwvDKQAAJOo+EM5r8NdoQKu1SZOr+dnCbtz\/h3c8Wr57Ju9JT5d7KQAAHAAAQASuZzovIprPIHqf1SfYquzmSO1wuwAAABwAAEAFB2gO4vR+1eCom3VMh7fIBdvef9w="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614924,"flow_last_seen":946752614924,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752614924,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946752614924,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946752614924,"pkt":"eJS0JASgYDjgxTWgCABFAANMYhRAAD8R6g\/AqAJkbe27gzikEZQDOIckAAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAQAAAywjAAMQEQR4FktWGHCfTMOeDB5DCCEk1TjBbIVuH6Ow8PEQR2HAqgmEsEi91tj6w0Fl\/gqHsGTphqYxKHx374ZhXFCVCFsrbuih1wXQv\/zFKEysWV7hWx71Ib1EWGnSF6ACpmXeq9tEJQHpCTpnOEYmWAwfJZxAFG1OnNaS3S8jiMqfu8k5SURESCxQwn\/oDj44XGcb\/wH+3n\/w0ERHUrWxI7XUUx6N0bGNKKVdIreNUx1iplSJLx+XaaqzJ2CXv2t2mucULoUdiK3rY6KYRk9adCCkOCW7atCVw\/Dz1dGSbsk2vYONfcqNDLMYt2ZYhY6rXkGJ0P9dTbxkQmy\/d5ABuhXBlbDrDgBZnF3e3EIqESXWf10ABJrUTtH8fuPPsLHO6f4sY2g7aHNU8Qp6a33n577S9e0zHVnBE1rKvUNTXvQRJM9aEgiUjk8yQh1eN8M36KRgl50dSneUwheUIXt3VW6Ffa8UQQwXEqCOEwocOyh8l5apUYWbjmJmICItTdbUdshIeothNq+AaGbcmSmrgxESENFbz4+bjOazX5wNQ3jp8AD\/H\/uoUCEs7JoJvhgnns5zUqum44YuRVTjwwaury0NBMNBuu4ZgGTeGFcl7B7o6BqZGvDcAy7zwdOZ7x9FAnRlMgBSwRKy0viCxXa5bvI+7edDcnrj7KTgs8p1CIat6u5yHx7konwyUww+Q1V52uPn4XYhd1luucsOidTXgK9WEM5hw4pqV+g7jRklVxPfEc0\/Kikgnupz9puTWeX03gLFv2yHSQiL0x+LQ3XjdKX\/AnbjaxyYrCgJSZbi81\/vt5bGTcPi8Pj2T3vlfMSprOiAgGKBMtMpSv+sXHGZZcCN5+fBHupe9NPB1zmU\/lbE2gy\/ssnXeittwQpp
lx+hdLSgnUje\/QEleapeH1UGp\/AgtJ0vULj8bRWnmA3vZq1Y18v7z2gpAkMU7HYlsYPxb\/xN4NCGkOzFvB9rw+jFJsXMN6UUMb63VXOqMYBs5\/Tj9crfqAsUmo8Zv2MKa3377pttPhbPTZhVxiX+1mCt"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614924,"flow_last_seen":946752614924,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752614924,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946752615060,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946752615060,"pkt":"YDjgxTWgeJS0JASgCABFAADs3yQAAPcR915t7buDwKgCZBGUOKQA2NJOAAAAAJOFGPFj\/apXtO8xDwLcetkuICMgAAAAAQAAAMwkAACwpdyW7c2\/gJunZPldMG411Fh9XqpWg0EGVUCu6b4sTpdSkoNBs3\/CE4TFf8eat4rNXCNJJMOTO4t7zRLT4TmdXa92K0pHwl8LDGXFFZsrJdJPRItlhYnUch1AegTc7Y\/4aa7WDES\/4jdGVNuF2mpbAdVbrWRKvson1Aj1kzSzxGzvxugD+08NJGxTPaQqcVwY0uvTjefK3iDBSw\/nM82zQiIarpThHkv1rvf\/wg=="} 
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946752615613,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946752615613,"pkt":"eJS0JASgYDjgxTWgCABFAACMYhlAAD8R7MrAqAJkbe27gzikEZQAeNh6AAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAgAAAGwwAABQWFXXJkXtrzhht+gv7jZ95VEVBCnWapg+MomShlwjPicL4QCRZxMSSVMpbVw66U7T50uDB+5pmL\/W4ALVgFtUgLJsZyv4SFTwa+0OoQ=="} +00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946752053740,"flow_last_seen":946752068592,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946752616641,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946752053636,"flow_last_seen":946752053697,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946752616641,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-data-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_msec":946753056378} +00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946752614924,"flow_last_seen":946753058099,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13776,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":946753058099,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00805{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946752614840,"flow_last_seen":946753056444,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946753058099,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":245,"packets-processed":244,"total-skipped-flows":0,"total-l4-data-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_msec":946756085796} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756085796,"flow_last_seen":946756085796,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946756085796,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946756085796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_msec":946756085796,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAuBAAP0RjIXAqAJkbe27wasjEZQBuEiAAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAQAAAawjAAGQQF79b6huHtPKErITdIUO\/QjlpSHswO\/9ioYhBnLYsJUoIUmfnUpBr3Po\/OdJJVNMepzAOvSeggL2pjZTj9dKmnR3\/PM3fhBDF8NcMDQbBXvC7QxTKJZTnUfkk881X5a\/g77eRsDByk24BKRFupHgXm9JxMuUqz9AuVOnm4NBfwKTMVXjUNEQtkAzVuhsDcyqKusYnJ81cfYdIk5LwLgUQczUBvlDCka3OorgvxScDCOZppjI661UpcnKSAOl10AUzitOXX4Sf1q4\/2+eSwMmz9NIx5gR4C8OsKHWrS46IlJialinycMwsZsTGmE66+bCHIal8y8Ar1mZux6G9skkXM0\/xDcT8HX0NJm3xHn4rYAEy6+FVyThDICTkGOQ8\/OGbAHfatyTPGmM7gUHR\/CIqk2d\/5qVY\/q+N89fy1rlbMoNv1B8muSwUse4B1yQM9+HJ7F8cmircdWKEpZAIvPkrObfa2jQuXUNlIRVLPokutIPku+Rs972Lm4Ub8AH5EGOnNdgwZBbtxuUUUg4"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756085796,"flow_last_seen":946756085796,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946756085796,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946756085939,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946756085939,"pkt":"YDjgxTWgeJS0JASgCABFAADs+pAAAPcR27Rt7bvBwKgCZBGUqyMA2MgYAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMgAAAAAQAAAMwkAACwGwVeph0IkLSNrMQe9KFyeKE0QuZjK7my0+yRWqTxlzWUA3mRbb7srC4MGUsPo5STZ+eQ0KsfgOiKhZp7JjPvU1DpL0hGi1nu0ki7rscKkFtuaIb3IUMJBUDOuKDG8TawmlzjbXA5xqwrTD4Y0Fd66XG6kIfvpzqyfjU8FQSbpLWobjdeptHYBdDQ0iUIflW9bAVW8UU1fJkZpox2qaywq8WitQBykYYx17qunw=="} +00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946756086594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946756086594,"pkt":"eJS0JASgYDjgxTWgCABFAACMAuFAAP0RjcTAqAJkbe27wasjEZQAeNGiAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAgAAAGwwAABQQF79b6huHtPKErITdIUO\/aRiOYMcetOdPsiFIJLCSJQ4cF8NEcwjhKJjD422ZZANRXbfE3zsy3AffzRBbdt1fenFelwBzHh8VhUHEg=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946756088542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":946756088542,"pkt":"eJS0JASgYDjgxTWgCABFAAFsAtxAAP0RjOnAqAJkbe27wasjAfQBWDUKbglRU5LrZucAAAAAAAAAACEgIggAAAAAAAABUCIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAADD2Z5sNtrXmz8BOvNVblZ8eEq2k5A\/gwT84dfeS3MBtg7koKMeAMZ2TQn3soqXj5\/oVDPPLSSxj5O\/4p21wH6jJFtfjZLlhx0Y8hWCH4o4ded+u2fr012XP1MaDigsW2Zl+T0\/xFmuUZe1rDGZDhBjVPazOyZ4OL3Nkxu4by16eSkAABju+4lbxLErZd2AJ\/RH4tY7CBVRzCkAABwAAEAEUNm8N0zQnJIJGe4OghGz2QL+aNsAAAAcAABABdNtFsod1u6ziduzF06LuHj0Rn00"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946756088542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946756088542,"pkt":"YDjgxTWgeJS0JASgCABFAABQ+doAAPcR3QZt7bvBwKgCZAH0qyMAPCrmbglRU5LrZucAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVk+LiqnjzgFIY5qXmyw=="} +00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946756088542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_msec":946756088542,"pkt":"eJS0JASgYDjgxTWgCABFAAGEAt1AAP0RjNDAqAJkbe27wasjAfQBcNWobglRU5LrZucAAAAAAAAAACkgIggAAAAAAAABaCEAABgAAEAGAAFVk+LiqnjzgFIY5qXmyyIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAADD2Z5sNtrXmz8BOvNVblZ8eEq2k5A\/gwT84dfeS3MBtg7koKMeAMZ2TQn3soqXj5\/oVDPPLSSxj5O\/4p21wH6jJFtfjZLlhx0Y8hWCH4o4ded+u2fr012XP1MaDigsW2Zl+T0\/xFmuUZe1rDGZDhBjVPazOyZ4OL3Nkxu4by16eSkAABju+4lbxLErZd2AJ\/RH4tY7CBVRzCkAABwAAEAEUNm8N0zQnJIJGe4OghGz2QL+aNsAAAAcAABABdNtFsod1u6ziduzF06LuHj0Rn00"} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946752614924,"flow_last_seen":946753071332,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13856,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946752614840,"flow_last_seen":946753056444,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-data-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_msec":946763512822} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512822,"flow_last_seen":946763512822,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763512822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946763512822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763512822,"pkt":"eJS0JASgYDjgxTWgCABFAAMktR9AAD8Rly7AqAJkbe27gSkEAfQDENJ58zGl\/JiX39YAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAAEvBr7sbEdUTWJ9k0dBABmZc7Ejd5+fgls2LInhXPIXof0NGEf3ShDQhLWvQwyrTOHoJp6BSg\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512822,"flow_last_seen":946763512822,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763512822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946763512846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763512846,"pkt":"YDjgxTWgeJS0JASgCABFAABQmv4AAPcRPCNt7buBwKgCZAH0KQQAPLvu8zGl\/JiX39YAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFA8j2S3SJakzYmklIQMA=="} 
+01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946763512859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763512859,"pkt":"eJS0JASgYDjgxTWgCABFAAM8tSdAAD8Rlw7AqAJkbe27gSkEAfQDKNou8zGl\/JiX39YAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFA8j2S3SJakzYmklIQMCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAAEvBr7sbEdUTWJ9k0dBABmZc7Ejd5+fgls2LInhXPIXof0NGEf3ShDQhLWvQwyrTOHoJp6BSg\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512920,"flow_last_seen":946763512920,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763512920,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946763512920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763512920,"pkt":"eJS0JASgYDjgxTWgCABFAANMtTNAAD8RlvLAqAJkbe27gTikEZQDODPtAAAAAPMxpfyYl9\/WLu8pUwPoTCguICMIAAAAAQAAAywjAAMQm+4T0qhYOJ2nn8k4sTj9kc7QbVpQ4eenWe\/yf1iWnoarRnrCz6rLbTdiz21Id73uIsQYj9ps3d842AEYoeFlivUsJclEwxfewHL\/212uvzvrG+KGtV7VnqNflc4njAqD+aN0hHdJ3bfB3G8UdNG7mqqVrSsJiy8fhJjLsaOPsmpd8ESjgwVJ5sr6EL4OXAH3BnG4s\/2fstg7KoXLtVbtLUQRg5Uve1+qBGOkS6LJ7LFcBVsfF5r9c72HqQLIaLNoOR2L3nyrHK+PyY\/+bsfw5GMZVLAnMrZ8sE+T6t1GE5kWiiAGMRR7ZJirFaa2JwFg15ZsNKheHSVD3rpx1b7KP1WXUOZC\/Cb6Aw1MpJ4V9VdsJox\/Q+Gat14OqUFcQXGFUGieDanmPlJW826dtpGd+j\/yIgb6YQhgOtVocZ5NCFUDN6oWlUPj31oEHoVK+93sMlOEGbCSHY+jAaaIsBbEBxgqESHwkQapoNTPkPv+aTg6OMGZ0YsNAPpHlAoFKtWaGaAr1i6\/QEqqSekQi27Jql1VLjQIFPUGxF0O12A60vuIWCczp3gik56D6S1iGxCysc54LhGn1Y+WofC3+wVZj5gZHsp4wP1HVBThEwmWcY5m9rlGYG9sSfQKMdjHYjbny2wrd72FtjNfi9\/FoCGSfGJ57v3vYHBAUh5s7qlFnVyIleni784VqSDWk1sgG3bFLq5Tdi131RuwMezKBmvHhHLZxG1pUxv07\/7u\/FtK6kIoCpqZvmyTFGtp5l2Xrn3jP4UXslEqNUZQC\/XGD1A6OO0lYCOJ6QNgRU8R0xTEGjko4WrZh1Nsy3DeCLqg\/zLKWgLCrK+0NjOZKJqILc5VGK4TVDyldm984ifR0a0kBTWRguG9r4uHhBEe0l
KWnbvy\/nSsoTdf6UJQES6dd25qUnpXdTcEHbKj2dQMQKYkBLWmO1EjHeJ\/Dd3c\/ym07OKbgCMQPOCCHjXIGeWIaI+VAtZp2tAKPryJdHa2pcSjRW5YtPERTx\/dh0\/WGlMmw87WB1i4ye52USENJuOf"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512920,"flow_last_seen":946763512920,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763512920,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946763513021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763513021,"pkt":"YDjgxTWgeJS0JASgCABFAADsmwgAAPcRO31t7buBwKgCZBGUOKQA2N42AAAAAPMxpfyYl9\/WLu8pUwPoTCguICMgAAAAAQAAAMwkAACwrhQ09Kh9+vnX5erplPpmkKxPU2ZyQ3UgWfgQd6t7a0GXP0QOt30giqAFHmWpPWeR9yE+jQc3kUdw92Kry8GP93GHU3JiQfdGX1dg80oiDVCCJN9VDUT9EYrK5BIf8TxxSxrHgnnGPhNiTcvbLhdqWqrhM+DCMWmbIQOLUP\/13aUdQqtJ2NskdLYZmBzVkSARdH\/nvMVxKh8rTWuRQL2HLCcM9jppc\/gTtn8O8w=="} 
+00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946763513596,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763513596,"pkt":"eJS0JASgYDjgxTWgCABFAACMtaJAAD8RmUPAqAJkbe27gTikEZQAeLpaAAAAAPMxpfyYl9\/WLu8pUwPoTCguICMIAAAAAgAAAGwwAABQwOqdhYCbmm3bEKgkQ2BLZDzIv0XnrqQcxKkQyJsdMpetHDv3PBx9ZFaXf97NlAImLdQie\/fZWDwYC39ckJH2101yaGOEgl6g\/\/96sQ=="} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946756085796,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1108,"flow_tot_l4_payload_len":8628,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":946763514604,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763514604,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkRHVAAD8RB3nAqAJkbe274SkEAfQDEJ0jqPaH0PrOV4AAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAK+c8+AkD6rcZFQ1EHxMTY+7l0YtUYJhuCyFlB47ITLDTs1tj2Dv2ywfETORYk1UddWMpZ28VbOVXwpbsHVD4m+eunnbYKM0lSoy3ZvZtJJu3j9BZUFhxSVx7oYZQm2Fhl90HdAof8DfDzpeapHwvyRWubmkweX6VdG0E\/7DkO\/tKQAAJAGnwH6v++hzHESJUw8bCbCkyT4PnTZHyjy
bPJjnO+99KQAAHAAAQARSCoF2MNPWDRowTYoccunou+lcYwAAABwAAEAFHuQrU4s4aNFV7Z3Ww3xyaLVuok4="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQlowAAPcRQDVt7bvhwKgCZAH0KQQAPNm6qPaH0PrOV4AAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE1BPl4uUkUN6wHNNoiXg=="} 
+01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8RHlAAD8RB13AqAJkbe274SkEAfQDKDR+qPaH0PrOV4AAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAE1BPl4uUkUN6wHNNoiXiIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAK+c8+AkD6rcZFQ1EHxMTY+7l0YtUYJhuCyFlB47ITLDTs1tj2Dv2ywfETORYk1UddWMpZ28VbOVXwpbsHVD4m+eunnbYKM0lSoy3ZvZtJJu3j9BZUFhxSVx7oYZQm2Fhl90HdAof8DfDzpeapHwvyRWubmkweX6VdG0E\/7DkO\/tKQAAJAGnwH6v++hzHESJUw8bCbCkyT4PnTZHyjybPJjnO+99KQAAHAAAQARSCoF2MNPWDRowTYoccunou+lcYwAAABwAAEAFHuQrU4s4aNFV7Z3Ww3xyaLVuok4="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMRIBAAD8RB0bAqAJkbe274TikEZQDOJLkAAAAAKj2h9D6zleA3PDVMwKwDlEuICMIAAAAAQAAAywjAAMQ6YVobOiOu33lHVWElEunhb8i2YZ6SJ6aiLTcy0AggCQBgmcGPrbPQY+7CyG+MW\/zcDNSXNBVRgcl+deLN7pzzs+edQXQ3ymGuVucG8sedQYPWDKO0pqk+WM6U5cUWyUwI520rK2ioSJuEJdkCV3H7iyVihwVeD6c\/gw1l7DnABgddfgZZJ9zW8MF3fUS1Tzq9vNJVaWh3fAM9FMonpojpGyoxg8OOU62zE4VpWKEFj7\/WCmeuJzkx7j4rDg\/EvSq8oPo0td4HMxf1v7D7OS9vWscu7yIUVqSIDiZVbRJdDlYIbjNBcbPVNC6rFFyZPwnJX+Sh\/NZ5M10UIrHb02GQuXG4JuneW37Hzb9m5Cp0+NC\/rDSY6HIRy+PnBclndEKyb6rikYqvC9ulduFy08fbSqqMc+W4y2oTJ0OJG\/KcjYhz1txaibqAhCVAdArR11jotDvqMhm8B5EPsPrKUZp\/oqYtEtsJeBbOJDGx5fcs3Dc8xXqjhdL+atBY9dD5lX465\/aFYZrs\/p\/6tpwIqcY9Kz6JWmIB7Ve\/zKJ+poA1ggacxynpwGPIpjTkfpV1mpuPxXZOMKK9C6Sl0CzhvRHoiE9gxWSRt1Gbt0X94muIv8kCRbQpLO7GDlVVgW3yzIi1md9zzccRm+nVa7dqhbOeAj8kyoSyaHPBXZsWaB6ILEMd00K9DkZuIoJLhwtBdlKv+Y1yax7rP\/MCkCeq5\/ZogHpuRj0FnYT10WvjcqHmOuB8VG7UTXBZoq54RfhcZ7lR5s5oIy7t2S35f4DoZ8P9M9fsPffiYLS2ed4BehFN7g0VYMbUcBh4Ie9PrZuyHxRP9gLqCl04Yv6i5Nxms2GpDotE7U8zZO4S0CkjrFAUapBHjVeIzFFwvAZPv
h9aY1gC0gxCsnPsS654+yD5keYzPvguogftu0HZqonVZnxJHFQ68wNssOgq7BjiGTrLmx\/9oXNTzhrxTFBoFV8LxISGtB0MAIfYYOzRkywsn+C361lzTXVciyQzka\/CKfBpLXscRaSL3Tm4Z8cEfDx"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADslpIAAPcRP5Nt7bvhwKgCZBGUOKQA2OOJAAAAAKj2h9D6zleA3PDVMwKwDlEuICMgAAAAAQAAAMwkAACwLCsD4mosZGmzS9zPOH7ZB3ntKXsbrg1mTaPeWquGkKyWCRF\/OjCDE2AY7gF6+QP5GKPQ0TXBpQE1YOldvNsFNdgrlAg6Fv3aay4aOWg5YoteQM9smeql\/l\/giTcrHwj6FXV0oSRjjlv74o0goNnCWGoPIRvxv9V1EQzAD2EbVa5quQlRJ4P625uNjcSoEn1nGktCsRV4BUtWTyE9paAe2sVXXtJL9tj6EzoDGA=="} 
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMRPlAAD8RCY3AqAJkbe274TikEZQAeAhnAAAAAKj2h9D6zleA3PDVMwKwDlEuICMIAAAAAgAAAGwwAABQK27EVha44rT9dN9Ez3hFDAHW67\/DhEXLrtd9m2PGXusgAv2XsLrDq2JDhD6iOu+y5vuPRE4mc3OgV68O6by2edSn68oqDfBe7nI7rA=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkzlFAAD8RffrAqAJkbe27gykEAfQDEKa1KYaJu7sMZisAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAGpCZr8Tv7ACFVYgEqbzY1sve\/t1Siu9b8W\/hW3A6qtZkFYJVqadJiegm4pTvb26NMogwWUUtlWP\/qXODduSwhTwXP6iamDIHfg7Kn8X7hJR1pWXwVD71FiTJIOEYsmUyWmeEzqeC\/zu9xyGvUwbXmmArHQnjp6qSMSG48GBhCPWKQAAJLIBpPNgAmeSE9fKixZPfFEcqSeQBPvHP6x66fS8zQquKQAAHAAAQAS\/TJNdm1WLlcpcz5LBQYclk\/CNqgAAABwAAEAFBKHvxsW9p663xQuBned6yuZ3rpo="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQ4hQAAPcR9Qpt7buDwKgCZAH0KQQAPL3CKYaJu7sMZisAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAAAAN01S7xqKstfAW9qRg=="} 
+01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8zltAAD8RfdjAqAJkbe27gykEAfQDKHMdKYaJu7sMZisAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAAAAN01S7xqKstfAW9qRiIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAGpCZr8Tv7ACFVYgEqbzY1sve\/t1Siu9b8W\/hW3A6qtZkFYJVqadJiegm4pTvb26NMogwWUUtlWP\/qXODduSwhTwXP6iamDIHfg7Kn8X7hJR1pWXwVD71FiTJIOEYsmUyWmeEzqeC\/zu9xyGvUwbXmmArHQnjp6qSMSG48GBhCPWKQAAJLIBpPNgAmeSE9fKixZPfFEcqSeQBPvHP6x66fS8zQquKQAAHAAAQAS\/TJNdm1WLlcpcz5LBQYclk\/CNqgAAABwAAEAFBKHvxsW9p663xQuBned6yuZ3rpo="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMzmhAAD8RfbvAqAJkbe27gzikEZQDOADEAAAAACmGibu7DGYryhiyRAKATQQuICMIAAAAAQAAAywjAAMQZHFfe\/8gnlR9qJ0XaigXc9ecoTEZTuVsV0qwxi1bRmdUpRcmSBOWNxBIo2zQZ87GT5G751nPElifTD02EvouEj5E5IQU0FGRIhZ7j3qicVbY1wYyM\/7b1kU+HFfeN7SZMjoFTbYpGpJMyjo3p7WV9lo5KoSnKHXuqJzQ5nWXXLqoPnImrLh+kUU67ZunIK6VGLaaD26XDMyO1detKNvu1xLMeDpFOrXgfROvyaM9mL6Qy0JMYkrFGQs6WLijsBx4j\/ypSFeU1mK2Vr4A2MyTdCX7gE7xdlnxD\/rDmJq9DKSjw38y9hbHdhc\/iY0C3nab6VMj+faSuxTiCN\/k95tmK9YlLu5z4MBIqehxNJvZVRo81XV1kO7D5ru0vQvX7cf0tIT9J14ZYj8GqLetMyXACimFrfsXJ+6fD8oXSvqO2D+TedvHL5uV5cQrYHYI3QtPsDIWRMZPu5wXI4zhSjHAUEHv3INsh0GXRCrYoJpzT5YRLAft176LjvYcBHlxGNPvZCE5t2KjYWhLWQQobkebJPDR6xT5pWmZYI9ueRBO3TvQgcZ\/hat5kGnreXGQ7iSfmvWGkfCPmPXFjh+kvXrIjh90ar8VUv+1Tytqs8wvbuQfCT0bqBnnQ0wHKmtGq+4zQe4HDQvdl1HvTuPid6itVPTZoVBuPAcHNUp0hFnsdCMDDpdm1FgfLJPXwToQnXDA2c\/JNhXZKH3mmim+MdOrjsCGgwt3Y1PkgYXOqaNOBSgE11Jy1RZvQ0\/5Hy1Z72\/5lItMJ7ICcH3gglKIhMYdmBSVMJkRCVNHMRGt4jsWV0WPzR8MoKLhDtNokirzAqbw68gQkQ4PGqIS+Q4J+oTZGYKlEpvlzNrt0Q3wyGUpaedIPOGbUXuZYVlB1CLx+A
4lyyTt\/3dhRpqLAUV2OXUyLrXyBVr85YOJkK5xMpNsiocbPntT9F8wlEGHEtgW60+VKxcSAbrX\/01ANR\/PfYh\/i++s8e32ZnYFWqCyTSg5CBOpjqBxCXLuhDpjFn3tG\/pppyqmTbc9xPFbJ2D5"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADs4h0AAPcR9GVt7buDwKgCZBGUOKQA2PzYAAAAACmGibu7DGYryhiyRAKATQQuICMgAAAAAQAAAMwkAACwqEBhGEkqTdk3OTJPVU+8yQTL8ZItLKounZsHCBXq6ysubqRk784GH\/owxO8EPqA9YbqFV54i4f05kBjS\/h8TdhcTet4lsitEO51fkiGfi0Vkc\/JI\/IrO1ZHnZGEeZHi6F6lpw7gAiKLzX7vKrdLCPx0wmSU9lwFSDsrE8LnuV3pSiACEa4nL+ragW0aQZ1MjWWNA\/UYXgaAtNOt3nz2vBhdfjv1epMHdb4oW+Q=="} 
+00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMzoVAAD8RgF7AqAJkbe27gzikEZQAeI6gAAAAACmGibu7DGYryhiyRAKATQQuICMIAAAAAgAAAGwwAABQ7i9ltNSVoV2B7+spzMyxdFmVFpNCdGsnS1zYOWtZLLJ3jn5hta9uxbRTOuryQ1nfs8LoZe2STMzHnZYYlmsTR8H0L25CA7tIlvnPbQ=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkFTBAAD8RNt7AqAJkbe27wSkEAfQDEEHkDC7fJGbFXWMAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAO96XcY24ptDFni41yYdWJy\/JFU551AW7MyoUJsnnIFWRTt8Hp07Dm7IvhAdkO6fUAM\/X+LZb+GheG49xaJX4ZpDDw\/MVu9lKUJuuFxBcJD0gviRwYWDrDJAeloJzwIl88n9jiNXQaFXBtKBWnfoC\/pQwJ70quZAfVGTIXarTofpKQAAJEiOJbzbqJu93mWlhlAfM\/c4hyE2\/vYAR2i8uJ7W5MEqKQAAHAAAQATSOs\/buyb4UkO\/79vj\/opzawTOeAAAABwAAEAF9FH7yboKURb0ASubrkp\/zwruocY="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQIusAAPcRs\/Zt7bvBwKgCZAH0KQQAPCbzDC7fJGbFXWMAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFV7sh5\/22ST31yX0r43Q=="} 
+01523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8FVVAAD8RNqHAqAJkbe27wSkEAfQDKFK8DC7fJGbFXWMAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFV7sh5\/22ST31yX0r43SIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAO96XcY24ptDFni41yYdWJy\/JFU551AW7MyoUJsnnIFWRTt8Hp07Dm7IvhAdkO6fUAM\/X+LZb+GheG49xaJX4ZpDDw\/MVu9lKUJuuFxBcJD0gviRwYWDrDJAeloJzwIl88n9jiNXQaFXBtKBWnfoC\/pQwJ70quZAfVGTIXarTofpKQAAJEiOJbzbqJu93mWlhlAfM\/c4hyE2\/vYAR2i8uJ7W5MEqKQAAHAAAQATSOs\/buyb4UkO\/79vj\/opzawTOeAAAABwAAEAF9FH7yboKURb0ASubrkp\/zwruocY="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMFV1AAD8RNonAqAJkbe27wTikEZQDOEjvAAAAAAwu3yRmxV1jIFciNwR80qEuICMIAAAAAQAAAywjAAMQrTNm3y3nKpCfJGJLzq4WoeJCKiySVfARcaLVldW1nV8TarpHf45O4kn4P088BsGCuvuuV3Zjz7HvPeNDTTMf4tTEEbFO+pYNIajmLo\/0MCdGjy6TTcKRfaV2HKNOGA9rBOzUgyRNBSth+rMnuxISK3JPGHdog7GxqUEvnYZJv6OzC4fGLuCnL5wy\/L50Ty2Fg3pvXIrsXaUHwli0W3VEs+M1\/AyVdowUZu\/IsLptb5Ywqx9mamanagQbw5+zJI6IIdw7nr9xWaabNoFd49XPf5IOG0oN81cMtm9wKEcZ8ixoF+L82gwp\/pYH0lK\/bbEcVFjhVpZ\/f\/MVtxKixJVEEdvADpZTg8O4Zlk7jT54AIXHlN6rEhLhrajMocSyvUhC7BimUe32xEJLcQZKXjv3wCg7FDRUEpqPxnsTiyog8Li9OE293W7JmcZVk15cFNneXQ70VpAS6qFWcmJDLFGIuHQn2e8F\/tOfKsjkEU9CRQvRNWk\/D+p8puFicnw0V9LRUy6uGLZxVhIGKS53neDw2kl7mBLLFGMep8mYh\/EO\/\/43jUD056pVqWMold3bWe+ENXpplt8rNUMdHP1gpUwXVXsuMG4JxEVoRS2kuRVOk+0MZSR0qWpix3lng4UvvIbUsH8LOmBG0LvWOPT+Y2\/vxk5QUXqsL7dKfHnf8S3qaEHIUYxj1fc3KS2BlJd3Cv+gtlVL0IzPondNSkBm3bTpLJzQAh82sInj5YGm24c1BN6ris3aym186S4CJNZ85t61td5r84KOzzlhZI\/8gthnkxJqfxAy56DReSYyVqZI3gKtdvFc+11TbVGwphGoKye6DcPPG6R9j5t6QYfYlqD1YMGmUiJZY8P2i8xB6AZFkNfgz1lgyuFNARXzC
vbzdpuAqBpg9IgGpIoSzktXS+oIlZWHBtFqi5IM4urBJvoIxQ\/LOftR\/3RCCtLHSIF92B0NV1hTbSxyXobFKVDbyTqen4hmkqrNSj3NAInd6rAKd2PiJHYKSGR5o18lKUM23CRw+\/1tANxXoFAkW1x1"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsI9UAAPcRsnBt7bvBwKgCZBGUOKQA2AuLAAAAAAwu3yRmxV1jIFciNwR80qEuICMgAAAAAQAAAMwkAACwdm4ZqCn08scaTnuI9jZrtMOzwvKgCzLssEi17hqLdF52wfrjwlGnWHg4s7Htz\/Gxnh\/s0RPdhVSIN6eLY0tie04uvE5BsloxH7yxzkeCVrt16zA+hjPcXUPmxiTk9zs8awO3ouDCi50PL7v1Djwqke5YKqZs31YlwMVpuMXvtjQmPgylOFFjn44ZNCyP+ZBH4qdQEdwueJNrpZ2EQ7a1r8i7f8xHxKHHyczyEw=="} 
+00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMFclAAD8RON3AqAJkbe27wTikEZQAeDIOAAAAAAwu3yRmxV1jIFciNwR80qEuICMIAAAAAgAAAGwwAABQVYMVSYyJ9gFWH7kETb2fU7dCYGW\/nqvCy2sJP\/JPQTMkiwZXC67JYZ\/uOaJ7kC8TcwUVknprrjkRxrCJVq1wLiNMXgpKaYe8r38Unw=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkqOlAAD8RowLAqAJkbe274ykEAfQDEMfwxPeugZRTkDEAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALaCq\/QqzbUl4TfVDbWtcIRhWbw1c7xzhe471e2uourx4gK4yu\/qx\/GMXpPCmq+AfIfCRxyfNb4eRtQdBek4+utR7rvvK74A9iefLvlsEBGQs3U+sNqUk9a13Hk+LhSeZopenNjNGBCXlMHDJtGZQCjGlhOR9N57RZan1wqNSI8CKQAAJK7\/+nXDLTKRQBD8OLeC6WRl3oX4ocuiIUqLdUtxFTBTKQAAHAAAQASCMP3w8Pive3ai2x+IuNuOWp8BpgAAABwAAEAFhhuQtn334e4kKy6crkOBRJ7fU3o="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQy0gAAPcRC3dt7bvjwKgCZAH0KQQAPOj3xPeugZRTkDEAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE1IEHINlsQhrJ2YmIIdA=="} 
+01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8qPJAAD8RouHAqAJkbe274ykEAfQDKINyxPeugZRTkDEAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAE1IEHINlsQhrJ2YmIIdCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALaCq\/QqzbUl4TfVDbWtcIRhWbw1c7xzhe471e2uourx4gK4yu\/qx\/GMXpPCmq+AfIfCRxyfNb4eRtQdBek4+utR7rvvK74A9iefLvlsEBGQs3U+sNqUk9a13Hk+LhSeZopenNjNGBCXlMHDJtGZQCjGlhOR9N57RZan1wqNSI8CKQAAJK7\/+nXDLTKRQBD8OLeC6WRl3oX4ocuiIUqLdUtxFTBTKQAAHAAAQASCMP3w8Pive3ai2x+IuNuOWp8BpgAAABwAAEAFhhuQtn334e4kKy6crkOBRJ7fU3o="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMqP1AAD8RosbAqAJkbe274zikEZQDOAwPAAAAAMT3roGUU5AxVDreTwHgKMguICMIAAAAAQAAAywjAAMQFHKN09w9JMuSdVLZlDSAEdBZPZLf0YlLUCDGVaU4QgA5R4PwVc1wGlnCVUekrSEI8G+hJ73vPBs9A2R54slBgUkD5OtsgkU2Y\/ysdvbeFjfl5aOOU8P2AP0+nE4nxoL3ihUJF\/r5A8\/qioOtIJzpb7UTY7FEOHgakNDQyZ9vaAwZXlWs41+Th6nJ0MpAQLpgozSOJ9FAzZeaM0eBMdzcI2Q4S0GkesbeAgagn\/f2DKDyFAKLBtf6MJ1vlQ54CVKtTzUaZfkrk6hU4syCkcLZNoFIb1mnNiDsPxk32uw0XmKLZ4AB5DJWse1LYivWsOqVJqqjMO3HhnEG2Dx5awhDcFxp60atvgtj6L6XoPvOgq\/qXj\/z5PXlZQkAJAp+cZbmGSvhVgatLb0+tsz\/OyULncHx\/VO6Kqi9P+MAPAxEZC9A\/95WSldUKrkqHiz8sZsukvkW1AZ0rEqkgeazDwoZXjpNDR3XGIO7jwp4VRlinrEP+Kowk20+gIBA8+dHAOiz9florZrS3Uj1s+5mTjawwBtWbyf1VjJgr\/78WCw6ONAmxOiC+FJX9fBcH9xN6I1X3K8ABoYfUvOOT02L+JNLD2qEVfwPyjGhr3UARSE6l2T2B8959OepMY6co3ui9z1UXnahE0GR9i2pLhrDW4mTskfgGwmp\/68Y1BDrCYB39Y0AhqU4uZZHrB0pR6SpVR1EP2KSVRgkwvgbrOUep+9Vt7GRB5bao9BCnpTL7AEOqOwhIgx5ynAqJES\/eCKH\/kwRYj4USVpn52VpEg9ILhoE+urAKkETY\/cLVH4Ak5ugCbOEfPdHfj9D0rGeNiWqOShVrPj2Mq3v0Zfwkhsyk74blWlkAR2RmgMcM23i58MXkQ0U+VJXSAEguUMhvf
DjmZv6lKz84CphJcLPMSj84HVTd9wWCLF6tkZx7q3+E50I6mOu\/OpnQrsLV4\/HbMMztvL4nGxR1fiQo\/Tmpi848uW5uwvfyfq2cIAXQIsRkAi6L9PFk7Wdod7gdoBv9qnMuYyOxSYvFaApLUSPsZnf"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsy5UAAPcRCo5t7bvjwKgCZBGUOKQA2N2eAAAAAMT3roGUU5AxVDreTwHgKMguICMgAAAAAQAAAMwkAACw3+hDUjEFQ6MgpqAEcApKvn9uh3qVHzhAobzzdsLHNL0cE0MCy6hqRcHq2zyFYxqKUvV9qpSoUCOXzZX8acXWksJkwcZvlj3pHUnomqGBUy7YKx8\/BoUpsdZ+YJ66Urw6XFHoKHyVFJYrxhfDTA96A3GMtNoZk+CLmvMZh9uGXGXGb9zoZqBq9vHjZRx\/MplOtNEvpcXqGaCwVYcGtrGfedPqueJGKjXMXpyHhw=="} 
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMqXpAAD8RpQnAqAJkbe274zikEZQAeOw1AAAAAMT3roGUU5AxVDreTwHgKMguICMIAAAAAgAAAGwwAABQp3zPqAaPZdCtSbotjrN0irXGcY7JpOGxC6pjgSY\/TZB8lMPX2DP1QKzYFMuSni2xVCT2eLDFep09w0XbtiWVOI2z82MP7LPt5iJg1A=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkUT5AAD8R+q7AqAJkbe274ikEAfQDENNXqwswX1pdWlQAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAANisWYZIjej7n3HtY6YrUGG6ju3JyAgfXaIbqQqsCk6WamsA3yJowbMrsQiavjlYliQ8\/bmnkd4oik6yfXzF2nnT5++MrBWp59hXjvpQG7CUKBYM2qK1rCYScGFGvoCH+VaOstA9qnbA93UZ+lGrf8oiyLKNCUx8EmTjNr1npSw0KQAAJEdv70J9iweqoyFFLnrl4Zzojnhs5HDATx3IKPlr2BaOKQAAHAAAQASxGcGDddgOxJ\/uFM4nQfEOTHdh1AAAABwAAEAFw3IlZSVVICry3JG3pa18XmliW9c="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQEZ0AAPcRxSNt7bviwKgCZAH0KQQAPGsMqwswX1pdWlQAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE1KWcIrU8y8ddQ+ocSmg=="} 
+01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8UUlAAD8R+ovAqAJkbe274ikEAfQDKAkLqwswX1pdWlQAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAE1KWcIrU8y8ddQ+ocSmiIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAANisWYZIjej7n3HtY6YrUGG6ju3JyAgfXaIbqQqsCk6WamsA3yJowbMrsQiavjlYliQ8\/bmnkd4oik6yfXzF2nnT5++MrBWp59hXjvpQG7CUKBYM2qK1rCYScGFGvoCH+VaOstA9qnbA93UZ+lGrf8oiyLKNCUx8EmTjNr1npSw0KQAAJEdv70J9iweqoyFFLnrl4Zzojnhs5HDATx3IKPlr2BaOKQAAHAAAQASxGcGDddgOxJ\/uFM4nQfEOTHdh1AAAABwAAEAFw3IlZSVVICry3JG3pa18XmliW9c="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMUU9AAD8R+nXAqAJkbe274jikEZQDODTyAAAAAKsLMF9aXVpU8rNpjARABmguICMIAAAAAQAAAywjAAMQ6Z9u6sp21FHw9VexxCL4jh1V4W3sanbv3b88odA16POyeoQKizKd2HmgH0NR\/U2FyiZQbxMqa7XMYFNMKV8428rCLY18jtse\/+ckrrjC9sewybMICEnJmMxbdEFF4AvTOGL3EKm3QT3Eg1HZ9ZSp\/t6tPSaAEKa3raNeV99MYev4bqmPqlmHO+GKwCUOmb\/\/WhuLPmluPOe2TBGJ66thL1vwc72vZmjJ35sjKPelra23UF5Cwj3EkN31PcPlnagyUKfFKe0tDEhi\/zcayi6IA3RQ45CcmYuYtppgdkgTrA4X8ySF2RNmlXfMSxeShomsWVIrcXowlFEptytcNtavQUOqRSsiRoCAesd4J0mAZlQJTHBJQkJF5D5oyy3uKyGkRMPJ4QqGe91skWMr4dklLDyu3k1\/Ki566+JgYKR97wLMp+O7E63S\/2oZe60EsKc1cNancp1xVIeK61Uxkni6d2O0j+NSXm8I+KbKCEsM8jktpVXjmOVnPHyuo9eeXJIhp8gexGSxUK1dF6Wb\/51j9mrJ6Rez4bGL2iuUAQ04aj0Ztuyp91rVSixxaUhqznAlebdvq7zw57FRYAGSwth67wRXsRtuptzlC92fMDUdQWF4\/q7Rg4ccMJF8RTqsCfv\/V5UkM4rN4lMhQLv9leCJg4L4VtlUhELb\/dmwApKHfm4qZ+AvwxRrhYksS4iWBYqPRAJpUwCdGnnGSqMBh3o6p6oq9yU+MJfyC7xA6IGAc5Da5Gt8ZyEcwo8JJWiwHu7dBeWjkvoyi6haT0hZBaq4CC5QTRFLa9S5ajUP40DdvqDMTYmfONTFGQA6d2YC17keI7odwHkGPKSlOt8w+jF8Dti71cbXyWEQJdY+ZVQdwHfTeUcrnxYVMpy7BP4d
McdpRdfc4lg\/QbRKOdKk0hT5LuCXF0M3Vp\/LEZa7FwCq638sPDKBcUlLhWwxQDFXGZJRnNhauA2AsjOr8gPCtSrE84a00K6Rme00o2hpitbodAaLdhM+MJrhzUFjCUrk+AIvDAWX+uOvXRH6A7qL"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsEjkAAPcRw+tt7bviwKgCZBGUOKQA2NOBAAAAAKsLMF9aXVpU8rNpjARABmguICMgAAAAAQAAAMwkAACwlJd8WVcVfeBQmkN5fuj2YUx6tDxIVbQvy2JQRd\/BtL4hXpKJzs\/swh9hLZeQKsbMp\/sy\/av\/bbUA1jEWVrhNWIPQTh6mM4lKY0bMGYNJnwKWMpvDypsZQVORgQLb\/inT5fJkB85cKyuZ+OpfJNkxWxJ8xlgnHQZNmWhknOe41lnZLuRVg3w85pw0ONcgDXn5tgFkGuxKxNyj8Xr3SY\/nJqVuAzK+TYqBB8TmXQ=="} 
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMUeNAAD8R\/KHAqAJkbe274jikEZQAeP5qAAAAAKsLMF9aXVpU8rNpjARABmguICMIAAAAAgAAAGwwAABQ0MVvdAw+LEqFA+nmF6i+XI58eiVp1GRV\/rWe4MnVHMpW8WwgWN8kiN6DP4sWq+W6GDQg7Lq8MyuzO0xwSZTAHDjDg8bbx5JyeewH2w=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkfBRAAD8R0DjAqAJkbe27gikEAfQDEGb1zXuuLUv9pz4AAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALekGQeyXWU\/60toX74oI0NOPrQEorT913B5RWuu2HN1uo6YOszdlN6tok1qsbs6hmVmZJrWGXgOe3sFZUtEGtWNQ8t7Aa2Mt0TQHl9URPDFrZpMIDNYSLz2uksGoJV4Y6wEfAxTeZYeEH8X4gcBz7P\/QA6cRN0\/JVa9p1v0\/57HKQAAJDvJ2clyg7FCIyXAj1uqYyldr2SIGMxOXOwB1SVwhMTkKQAAHAAAQATF2N6DrOv0hzfW361l0T7OSbO+kwAAABwAAEAFMV3HOKq0Fujlh4APMbK5f7RIWno="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQkyoAAPYRRPZt7buCwKgCZAH0KQQAPF4QzXuuLUv9pz4AAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAABq0Q7n6QjJnJsuTER7qA=="} 
+01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8fBlAAD8R0BvAqAJkbe27gikEAfQDKG4VzXuuLUv9pz4AAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAABq0Q7n6QjJnJsuTER7qCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALekGQeyXWU\/60toX74oI0NOPrQEorT913B5RWuu2HN1uo6YOszdlN6tok1qsbs6hmVmZJrWGXgOe3sFZUtEGtWNQ8t7Aa2Mt0TQHl9URPDFrZpMIDNYSLz2uksGoJV4Y6wEfAxTeZYeEH8X4gcBz7P\/QA6cRN0\/JVa9p1v0\/57HKQAAJDvJ2clyg7FCIyXAj1uqYyldr2SIGMxOXOwB1SVwhMTkKQAAHAAAQATF2N6DrOv0hzfW361l0T7OSbO+kwAAABwAAEAFMV3HOKq0Fujlh4APMbK5f7RIWno="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMfCFAAD8R0APAqAJkbe27gjikEZQDOCAiAAAAAM17ri1L\/ac+HEFGvwEgEbUuICMIAAAAAQAAAywjAAMQ469lGmPc0hEi4\/rpKiGNJD5Nq3zlOv1Ml0GnlFKZ1XFdIX2l2YH07yFoJhfYZ2uPmk\/EvBYB5IwL1MpwJsetr2cZ8C2kW68lmBiPVHDkzVz1FpqFwUeXxsTO\/Mne10x8MSBJZeDYyhjRenBg3qSQ1uh4sNnAjwGFkmEcoZY67hDaUrE6wNAw9EmuFPveCUXZ3pwm+gN1qANqoDeOuU+OiOaHkRLZm4QshDsPQjnKVG+6dJ+FCJmeIjP+zfNtwm0D9ZIK1sH7KgHGb\/8OnIRTLElll85J5T9YxF\/tXUFiIdklrebmdtfN++jPvpIp5BroJhVNhCZx9TbCKAFIqpkZjSTypUKXVA4HW7iOuOQrFR3wlNQXJqjxT115EzTgAdQoemZr4vifC\/9RIxTB46YkugRBKYxip\/BhFbmOLAfuuRU8q1HCwxb5QcTPdno6A7IcuG50\/ldiPpMbFCHNogwzNfD1Rm4LuR5g4O7LzbiB0HgfSGDpQQ1sccieUvGtWwS5yJJdcWhQsSn7aQGNkfN+NUSUJ6z3Uoix6ULjG3ES7H\/3x+Drxi7D+3CxKOij6nCVqh+v89ZPL8\/TlaeEofmgfO4Nqb4uT1s3AsTLAeEUuFmlcmIULbCyw0RXNDSB+BPNYmAi7IiuA6q+gmBXqR4a+RtHymCDcYLEHwDW0cHx5vpFt2YeIu261FNKYH0qcFZ5DpoHNL109VmvYUglfOOgGnETPAP+ueLV4Jt31JG0U7yGwUsfYEfW9Nw1KEhI\/HAzn9q0\/y0eNexl9abCbKpbCwVRqP1jZb0g\/BvxC5rt6knjqRXDXiOiAHZwdEPRAi815hn8JfgceuT4I5RXaQ1slfVaPhlrteTbnEq9UmEuoG6O9s\/QMqHx0huvA
7savNo2cZnm+Jkm3qpMJxuZUDI9jP775IRGH2Q5LYdBdhjjwE6BJodj\/v8xocqeSrw5TgLnTred0263arnrnaKLSz6c91YGE3+E1R\/TbdN5fgCta0W+jhywiGo1m7Mmt2cdZwGYfhtyqsp5broKOCsH"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsk6IAAPYRQ+Jt7buCwKgCZBGUOKQA2IekAAAAAM17ri1L\/ac+HEFGvwEgEbUuICMgAAAAAQAAAMwkAACwnjHnEXtSQ9YBTsYWhNWWL2lb3zCSVGmtTzEvh47BEs\/bjLyBXTJjuCqg7wWeV74OlRvZj2lbuv2HF8N25vmjxy2gOj3GTSIkrJ81O5xBYrk\/DO\/U3vnDhNrRnxnnbUAcri8CK4colHYFHy00rAAnAiq\/J3y\/4Psn7O2YNdeQxTN+FVKTTs+PkcU9iJQYjyeso5yATeFNdg3Yo2REPpR\/v53srr2DXIiU+rV2BA=="} 
+00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMfEZAAD8R0p7AqAJkbe27gjikEZQAeEKcAAAAAM17ri1L\/ac+HEFGvwEgEbUuICMIAAAAAgAAAGwwAABQ4uWpvKvs0+Grd38C+Ik2kAU8jJda\/\/ZCHQQBPzJXFKXfyLyFjecJewBE8lyFFdf5WHr93Xl19FueaRtvNm5eWTihSgwraMBcuUWyzQ=="} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAG8AURAAP0RjjHAqAJkbe27waZhEZQBqLXBAAAAABcjot1R1L2v9VP\/ZQPMlAYuICMIAAAAAQAAAZwjAAGAFzlsP7YgimBjfIhMJEPhZdw0CnuZSvY37VZC7a055Lu7e+IEFmagHoqj\/3VU94cqC6SemXaaay0d\/2HUKJiZnpCAdCpw2HQ0KrTFW857JbKQ5j3IjKxRjcUYXqtMskX1DsgbCtObqa65cF5WltmtdmwVSANhLzG0LAR+CYEUUulm5YiOyMOFPbHpSrtDM2EEADmkbnPxO00Rexy0LvWXHDnINrIOiYbG6hzWEPIEI9Eq\/yH+hgIb4D\/vUKMOXGmPYj6eX3YPkbs08cGm1IBTDEzAwFQ6+Dut0IKwpkVjd+zPi5GajMElxeEZqtJlXKjo9Q5m9\/Z280gMX0Ev66KMtd6K6mBxkfkxU48zqh5WNlzUeROBsXFhnHi99g6+xt5SosQj2gpfId\/yriJfKS5T7sFkMpq5UCC9LwpNDHHYOliSKEorplbbZFT5pCqGgvpGJkdN1m+eylUPZy+lsCygyTo96r1KrC7wKmw+U5ttVkc6oJ49jPR1mswYgKs="} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsDNQAAPcRyXFt7bvBwKgCZBGUpmEA2LFTAAAAABcjot1R1L2v9VP\/ZQPMlAYuICMgAAAAAQAAAMwkAACwt8DrlJ+m2al2nqC6R0IPssF2L9y4SqKRlJmL3oRcq8RKQ2ObMHo4zQyEslOWTLC32j2ahp4JmnhkcJsAT1Ry5ttL3i23NLV5nDm5L7NCBAUkcaeumkXhzzHIEE7JLNBFfwKX9ajX1xrYBwFX63nezSYk14HlosNo\/wudM5KsK1FFycc\/dtaMmPuiBcgAypmEGH8GzTU8DwauD7bD0L3m78gqkvO5SOE4lAbfug=="} +00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMAUVAAP0Rj2DAqAJkbe27waZhEZQAeI5AAAAAABcjot1R1L2v9VP\/ZQPMlAYuICMIAAAAAgAAAGwwAABQFzlsP7YgimBjfIhMJEPhZfNKbhKkUop45dKn+ZaQvlBgZFipb1gl3b\/yGDnUYTjHBXhpSa2HaEtAKP+u9gU0mUFlekP9JG9k5fmbAw=="} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAFsAUBAAP0RjoXAqAJkbe27waZhAfQBWFaoeYM\/SkK01zcAAAAAAAAAACEgIggAAAAAAAABUCIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAAAYLYUGuZ6wRrF76F6Wg4SSmTXUbMrt\/uvkUwBae6Z8ffl31Qp9Pe8kpQLuvpdgDfuC1lFI5d2eInFhSKN2p5l2MMxLCVh5vAZdUmYBGKNydDABJoY\/t2cMJAQMYGrAiasUQAFL5ua2kwx4aur4JnIDxYlsa+kOEok7rfcNe567iikAABhGdIqQZwLuydnmghUWKRm0Vg7igikAABwAAEAERAVvgCvrSECDMOeubOqiQEdUN7AAAAAcAABABWB6cf2AaUay5FZ3OLynoSnQ1+Y8"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQCh8AAPcRzMJt7bvBwKgCZAH0pmEAPMlxeYM\/SkK01zcAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWNOkd\/egKWX5A4HacWg=="} +00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAGEAUFAAP0RjmzAqAJkbe27waZhAfQBcKqaeYM\/SkK01zcAAAAAAAAAACkgIggAAAAAAAABaCEAABgAAEAGAAFWNOkd\/egKWX5A4HacWiIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAAAYLYUGuZ6wRrF76F6Wg4SSmTXUbMrt\/uvkUwBae6Z8ffl31Qp9Pe8kpQLuvpdgDfuC1lFI5d2eInFhSKN2p5l2MMxLCVh5vAZdUmYBGKNydDABJoY\/t2cMJAQMYGrAiasUQAFL5ua2kwx4aur4JnIDxYlsa+kOEok7rfcNe567iikAABhGdIqQZwLuydnmghUWKRm0Vg7igikAABwAAEAERAVvgCvrSECDMOeubOqiQEdUN7AAAAAcAABABWB6cf2AaUay5FZ3OLynoSnQ1+Y8"} 
+00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkKtJAAD8RITvAqAJkbe27wikEAfQDEM\/xKPIIUorA8+QAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAJx3HsMOdjlF+2jUdSeOgUoJKgSkDnrRj+AmqkvL4\/btxDWIa5wgFzCzeQ3x7y72e5UHhqhgvqaYk9jfMQxIVaEW9a\/BsTbbgWHzjuQA+m2wB7LvhFjGB\/zN7IPBMezDEAF2Voyii81jTpzUUJ05HhmyiH0d\/igIqUo6S0VxBu\/wKQAAJJlGk0qPBMMAQyO8c7OtV6h+5wY2ebe
vcS4SnFRIjN85KQAAHAAAQASbEuzBi4qstlq61cC7lLKgnoRv5wAAABwAAEAFpnJT+g+x5l9EQfvU7Io35Af4zqQ="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQIF8AAPcRtoFt7bvCwKgCZAH0KQQAPB4RKPIIUorA8+QAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWSaC4DsICzoX86f4Vpg=="} 
+01517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8KtVAAD8RISDAqAJkbe27wikEAfQDKNhWKPIIUorA8+QAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFWSaC4DsICzoX86f4VpiIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAJx3HsMOdjlF+2jUdSeOgUoJKgSkDnrRj+AmqkvL4\/btxDWIa5wgFzCzeQ3x7y72e5UHhqhgvqaYk9jfMQxIVaEW9a\/BsTbbgWHzjuQA+m2wB7LvhFjGB\/zN7IPBMezDEAF2Voyii81jTpzUUJ05HhmyiH0d\/igIqUo6S0VxBu\/wKQAAJJlGk0qPBMMAQyO8c7OtV6h+5wY2ebevcS4SnFRIjN85KQAAHAAAQASbEuzBi4qstlq61cC7lLKgnoRv5wAAABwAAEAFpnJT+g+x5l9EQfvU7Io35Af4zqQ="} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMKt9AAD8RIQbAqAJkbe27wjikEZQDOIC8AAAAACjyCFKKwPPkEtTszwKEz4IuICMIAAAAAQAAAywjAAMQd3Fb1jcelHxTVe\/2g8zj76uIg+8eKH8u+8QF+mNPeDJgsw4h2X4zU7etZzV3p7z0YxmJf5uRbi2o6wBWX928PPHxu4H8aPAm4xpIDdoHfgekjdTUgxlE8sqcL9I3c9J9O6LrK0ZkaQC3qjj1M+iyBNV\/\/tKiCzB1FnooNlXDx34GIR3OZsJZO2sSFnKY0ayWw0t6+E4bvW8F4OScDaoq3NOsIN1j42xm64tbn0b8tRzQw3Rxf1j02PuVTkQUYaYXN66Dwr\/olWo4FGPLm3TsZAYhwpbhDyAgddF9qJaJ9yCchNdNF5qUhpSOjYujXNmeg13l13ZprAKS1AF7roe\/W\/TKSlYvsZTqdXNnNirv\/CGa281gDGSwNPqHT4ng1kr9Py+LDxhT1Xt4DB3ZkNCrj9Ar0\/dAuVTg5DdxTeMR6fnGKEShzFOYocqfaSHNbSW81hS3GcGLGENWWJDKQdAVaDmXhW+wUIcccPD8d+gJxpwUns1GebpdvHORZ6U16WRlMFhbJYznKE86SPL478qqc5YEMCqbFMYENZx3aa2g7BY9\/ognKR00zfD\/OOZnmC\/LO1i1Hytf9iNqisx7GlwgAEKNHmcLnmD\/IOuAltGaTroxV2XAlF5QDKx8ZA4ymT6mfhy0E85T4+hw9D6rqU\/Znl0TOiqL9rSFhGp0T4RDBSYkRLmYYFMKk9YEdQsOHhdXqsA203XlTSg2RDhMev\/LxaObttZhGUehoha5Huvu7HxWyDrAWnjIRvSo+n51OHQsCpeyWZ4xoKF9XoJu4QB36L9zgSxGbU5AJfQdOdTfGRC8XxtFVRkGR5QKJXqpwAQThCRy5mlogO6nRUUVL94WSR4qizsYsPrzoHmaNO3KP5++h+YHRjNi5kZipO
zu6Al1aY1kEI9Q9T0\/I5fqQgm9I3I6XLLKZ2f1lg8f\/l8TYt0g0pBHSKkDZnOsMMgVwUWaep1BtFEzds85\/gck0joMeSfrr4sz+hNs3GPMVRNI4qIH5v5y0t5Y9PP\/DUBSqwNGKU0aw4aUGztHDzqs"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsIdQAAPcRtHBt7bvCwKgCZBGUOKQA2IOhAAAAACjyCFKKwPPkEtTszwKEz4IuICMgAAAAAQAAAMwkAACwPfbHDUoskxSE5gSUwdfwN6znE\/N7RTjtK44\/DHvn\/\/wwexFQR+bVEpZtp0gTHsHNqUIlLIKHA\/jLWQUdr39M6fjLR9bEnM8bZDOpQoG1FAcUSplJnPky0MftH5FxtXAehv64FgvOmL6ZyUgZev9MgFt3Az+PptEJz6VuLX9fAIliBAE6dzplUiTUzxnJwEflrSTBoQjIhF\/lTF73bdS664b4qJIcOOLwwqHWuQ=="} 
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMK0BAAD8RI2XAqAJkbe27wjikEZQAeGpmAAAAACjyCFKKwPPkEtTszwKEz4IuICMIAAAAAgAAAGwwAABQaLfgxnYqNgq2qxmD+Hya19TPQcBLhoYD2BdkF4EMrXTi21s3PaExuSQZpbAyQi70XIBl8RNR\/wXOMFYcsm\/GKhZRmEeJiOHHY9bmSQ=="} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAv1AAP0RjGfAqAJkbe27wqKSEZQBuF26AAAAAA0wAwLs3PExCE8kgQKA2sMuICMIAAAAAQAAAawjAAGQhVi3P8yzTfHmuI+q40jjfulhmdzYtghBgvrDfHSgYMHGAg2XU9i\/iOgQjyoTY0TYwfvwlijcEIjIzvAbmCqFJUGCB7uzk8JYV1tb1\/YeDhlRfxzft7yHQO3Ef6p28zkuy8rFdFHF7cET9dB0T9UH4lrmMn7TnQw9oUo1fE2lfQyfnpiGB9uSMq+5XNwegEiW7Nw1hb7cs3Be1fS9wwjgXaN2fWfGFNwZF4Bt6ctrjJbmJtMZtXFW9oJ68+mOel2Tq98ZCnnxPX1WsHWoVKSoa0mFFCVz12Zv+T2SRqM1XDU2D\/uzP5EkyXj5wBuUeWYas7JM+IsPF3WZiUzkRkRsF8mzmAEYcS5DjYBLnA1yeNjf2ou1C4A2+9xs8FiE9d5nKnZdo8S\/uRCxBLHweET4Z8rlH5y\/wPttmRjEJXclMVHwSGXStxNWhbQ8yequ3Oj\/iUJV059Ua27OpFQlxw6eychcRPl6ukaA7Loq37Dk+iYqh3xE\/eBHDu5spJ4iZwuTzGEFjIIJjEgu7Fci"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsj4QAAPcRRsBt7bvCwKgCZBGUopIA2HVRAAAAAA0wAwLs3PExCE8kgQKA2sMuICMgAAAAAQAAAMwkAACwquU718u5VhZfSwZUPwqxrsfVvbXtg9ycFAzdkanxQ4ZdmhxID0tgHCAM8ZrGCNxZG+FMVTvTdhGn6q1TuemOvZE4\/LhT+0r5el9vMdASwlSSx0gJzmvmxrcB0dt7mxOTFIpkAfSwW5dBG6ONvXmn\/eLVkHomLxSYvgisw8c17eZNpBSLv1WfsJICYvDpJiGKxg9eRd1+NHW\/k+OQLS1krJhN0Ro1DTGeveCqAg=="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMAv5AAP0RjabAqAJkbe27wqKSEZQAeEmQAAAAAA0wAwLs3PExCE8kgQKA2sMuICMIAAAAAgAAAGwwAABQhVi3P8yzTfHmuI+q40jjfvXXeLkn\/P4\/Guol\/mo4SQDG6v9jAVAtKweO\/8NZOJnwHxQSgEjTe1ProSx0L5Q8GD20Y8a7kPdCB4+4WA=="} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMyhBAAD8RgdPAqAJkbe27wzikEZQDOBN4AAAAAIetJ3eFzqOBsYTP+wFs9UMuICMIAAAAAQAAAywjAAMQDxOwAsdF5DcmouqZ3qIIPX2dL17Sxwthytf35vX8VepVzCyasejxBabYcg1eZCOCXo7wibJ+5Ox19FZZ6WA8o\/FtirT1unp5\/KbKnXJj\/jdAwsC5Cmk+0nKvvIVGEa9qjOK1riRUBOLg3AgiPD1b0MEFCXVy4tktzPSYyIT8FCvxETxIN6UD6Cy0KYjRB1oZX0kS66ppXYIIhSpZkY1xn5UMgaZMfKIHRiIv7woIJ2+2jQ73aaZIyotOsyvuBpCcaZZtBWDFsbxm1+cgUkifeDRJjisc\/P6P1jHCx3Z8vmdJyRKNeCtsnStiUyoS1VGy5753yy5XlcqyN1B55mmx4GRa\/HHN4mxvBeQitpdQLQOqc6vSA0zhTHgBD7SqScWn+dc6+bWmJ+j4cfy7mqr12cjpoTIadqdkZ7jJFgUvViPa2cgUSiM3DiCGDwLwi5JltLqmhOCF0oMk1nr3YuvM6ljvscdIRoBP4lidxy72BTx2UZlMkO+gzCPcHOW65ARx8Q3rhw639NUizpwmTbUkhokOYA3JgJkVwbeWLn3lqwv6Ss6NJIdQEqhXHRExkAJxbLRtBylO+3j+muHjVwbAq75LBJzf\/i1UAstHQcg9qDTT\/ZGnKR7Ty8pWWhioaHffJyRRi+h7sK9zbkiOiBD2zt27yYltBBHPMaDytJghkfxYshxtNEjP7DDk9JsIuFz31CRxvyTYCQUiXHMZzbvXZcN82ro0WR0fgq1043ibbzHUg7FzuXDctY\/SwA7NZ6qxwtvg+\/psiPeUB1hzEtF8wdnYUlNalOdh0Yc76GQbrhWCoStkQi0Ydfl4xegAN22+a1lTlBg\/JUSrqLehByai4h1B4NwNJGynTPFzUMsATeVNbTFpe3jxVZt7P0vWrNnVT5BSaGfJDb7gcqxWmVTROLUQN0E2hcEUz38Y8e\/5eatZL+yHIrAcKK3EtVCpKFtumiow9ZZ6GvGizVBzhM2NnzoVEntamjmvJQIYNFqpe\/oZhY0wNJUxF\/\/qeQzJrYJ1oz4Qh6UIgPZ5y5Hy"} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsxPAAAPcREVNt7bvDwKgCZBGUOKQA2JZNAAAAAIetJ3eFzqOBsYTP+wFs9UMuICMgAAAAAQAAAMwkAACwMr0OAkWijHaDvVGx2cRd0BpnFxS9yWmk6USjwA1\/uw1HQpBxwIy+M+R8Al6F3b36KkUGMX1VKR6k1QkDbK7wUf6D75B3WW4+ESdgDyReOoS2h1kZn2iRJm0Fo9teEurdyI4sprk4gzmd0gpIbHjeDxKa9imZvZ3qtI3GQJ3qHIAJc5ObsHzpll\/5YtnVtIGJqMEfyVkFO5ycBlEymK2bZ\/IKDHFsKs137Rdruw=="} +00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMyldAAD8RhEzAqAJkbe27wzikEZQAeNzZAAAAAIetJ3eFzqOBsYTP+wFs9UMuICMIAAAAAgAAAGwwAABQNF9O8PSFPDdTA7ru1rW4e\/OgLqcWU5nzNhiXwaf5BsfwxiuanodxWmR58JZG78eli1reIYIhuG8qOBQ5mrxafVbmCl4feN4SYilPrw=="} 
+00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAFsAvlAAP0RjMvAqAJkbe27wqKSAfQBWN5x2W94XiRTTxcAAAAAAAAAACEgIggAAAAAAAABUCIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAACx++sTkIAWw+R7uHiEwXIocXunucKDvQ5WSJ7oK89SHVsCi3vgdk4CV3hQZ6lLDvwsftNwzYqzFzZyIXPkR15xXGy4j\/8RE04AqF3L6rnl4kSFK8ao0Ashh\/3kXMb9tCb5RitTqZrxo1fBcVb7A7oPwAwOnJNHigc5D1k2OVhjzSkAABgEvd5QXYxmcM3GjeZtcZGvHLA3lSkAABwAAEAEq1KQqOfFPfZ6rmfMr0R1F4jORZkAAAAcAABABfY+rBnlsnnwA5bb6lPTmpcNo5hy"} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQjVEAAPcRSY9t7bvCwKgCZAH0opIAPIoL2W94XiRTTxcAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWSdZrX4ccCgpHyIoYQw=="} 
+00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAGEAvpAAP0RjLLAqAJkbe27wqKSAfQBcOGu2W94XiRTTxcAAAAAAAAAACkgIggAAAAAAAABaCEAABgAAEAGAAFWSdZrX4ccCgpHyIoYQyIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAACx++sTkIAWw+R7uHiEwXIocXunucKDvQ5WSJ7oK89SHVsCi3vgdk4CV3hQZ6lLDvwsftNwzYqzFzZyIXPkR15xXGy4j\/8RE04AqF3L6rnl4kSFK8ao0Ashh\/3kXMb9tCb5RitTqZrxo1fBcVb7A7oPwAwOnJNHigc5D1k2OVhjzSkAABgEvd5QXYxmcM3GjeZtcZGvHLA3lSkAABwAAEAEq1KQqOfFPfZ6rmfMr0R1F4jORZkAAAAcAABABfY+rBnlsnnwA5bb6lPTmpcNo5hy"} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkyf9AAD8RggzAqAJkbe27wykEAfQDED50h60nd4XOo4EAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEnKegIkLOmW4KZNcOCo7ZOC4licZ2A51HwGaEIiqoXRPN6FcRoNRdAJs+VA4OoEhdOX8Fx4+MU+pUH2RMi10WP9fW5dlYg6Cr9HTfi+4X5mNAA6iu7R0SUnBzU7WFhgJmUeZ23\/+YRhQU1yMpmQB5bWydw9ZfvTkPXAog0gKlZ1KQAAJIVS0Rg+btu6BkuEgsgaurW3aJ4eaYYGQ6VjkOvvz6QMKQAAHAAAQASo5HDOkRKoIfuPc\/+LezYZYFoAhAAAABwAAEAFi9H7SlG8iBMVMxjPqyusPgxIUYI="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQw\/QAAPcREutt7bvDwKgCZAH0KQQAPDt0h60nd4XOo4EAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWSjMix2hDw5Uoh9iWqg=="} 
+01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8ygVAAD8Rge7AqAJkbe27wykEAfQDKIzIh60nd4XOo4EAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFWSjMix2hDw5Uoh9iWqiIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEnKegIkLOmW4KZNcOCo7ZOC4licZ2A51HwGaEIiqoXRPN6FcRoNRdAJs+VA4OoEhdOX8Fx4+MU+pUH2RMi10WP9fW5dlYg6Cr9HTfi+4X5mNAA6iu7R0SUnBzU7WFhgJmUeZ23\/+YRhQU1yMpmQB5bWydw9ZfvTkPXAog0gKlZ1KQAAJIVS0Rg+btu6BkuEgsgaurW3aJ4eaYYGQ6VjkOvvz6QMKQAAHAAAQASo5HDOkRKoIfuPc\/+LezYZYFoAhAAAABwAAEAFi9H7SlG8iBMVMxjPqyusPgxIUYI="} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":56312,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":291,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":139412,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":33856,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":8164,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":32620,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763512920,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":11496,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":51444,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":11496,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763512822,"flow_last_seen":946763512882,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1108,"flow_tot_l4_payload_len":6692,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1156,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":1080,"packets-processed":1080,"total-skipped-flows":0,"total-l4-data-len":535322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":12,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":241,"global_ts_msec":946763527783} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 1080/1080 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 535322 bytes +~~ total detected protocols..: 36 +~~ total active/idle flows...: 36/36 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5936832 bytes +~~ total memory freed........: 5936832 bytes +~~ total allocations/frees...: 119296/119296 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 472 chars +~~ json string max len.......: 1561 chars +~~ json string avg len.......: 1016 chars 
diff --git a/test/results/ipv6_in_gtp.pcap.out b/test/results/ipv6_in_gtp.pcap.out index 1f696f625..d5e41d869 100644 --- a/test/results/ipv6_in_gtp.pcap.out +++ b/test/results/ipv6_in_gtp.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 193 chars ~~ json string max len.......: 555 chars diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out index 411eb7723..557bc0e2e 100644 --- a/test/results/irc.pcap.out +++ b/test/results/irc.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868853 bytes -~~ total memory freed........: 5868853 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 5872240 bytes +~~ total memory freed........: 5872240 bytes +~~ total allocations/frees...: 118140/118140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 914 chars diff --git a/test/results/ja3_lots_of_cipher_suites.pcap.out b/test/results/ja3_lots_of_cipher_suites.pcap.out index 170108ce9..fb0db3d27 100644 --- a/test/results/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites.pcap.out 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 207 chars ~~ json string max len.......: 2328 chars diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out index 46ec381e0..39557fc1f 100644 --- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866732 bytes -~~ total memory freed........: 5866732 bytes -~~ total allocations/frees...: 118112/118112 +~~ total memory allocated....: 5870119 bytes +~~ total memory freed........: 5870119 bytes +~~ total allocations/frees...: 118136/118136 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 260 chars ~~ json string max len.......: 1928 chars diff --git a/test/results/jabber.pcap.out b/test/results/jabber.pcap.out index 9608d14de..1a94fdd4f 100644 --- a/test/results/jabber.pcap.out +++ b/test/results/jabber.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868374 bytes -~~ total memory freed........: 5868374 bytes -~~ total allocations/frees...: 118099/118099 +~~ total memory allocated....: 5871761 bytes +~~ total memory freed........: 5871761 bytes +~~ total allocations/frees...: 118123/118123 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 683 chars diff --git a/test/results/kerberos-login.pcap.out b/test/results/kerberos-login.pcap.out index 00374e06c..a7c5a0194 100644 --- a/test/results/kerberos-login.pcap.out +++ b/test/results/kerberos-login.pcap.out @@ -77,9 +77,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879464 bytes -~~ total memory freed........: 5879464 bytes -~~ total allocations/frees...: 118160/118160 +~~ total memory allocated....: 5882851 bytes +~~ total memory freed........: 5882851 bytes +~~ total allocations/frees...: 118184/118184 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 2124 chars diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out index 0f3a0a5f9..b47ecfe3e 100644 --- a/test/results/kerberos.pcap.out +++ b/test/results/kerberos.pcap.out 
@@ -198,9 +198,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5955502 bytes -~~ total memory freed........: 5955502 bytes -~~ total allocations/frees...: 118292/118292 +~~ total memory allocated....: 5958889 bytes +~~ total memory freed........: 5958889 bytes +~~ total allocations/frees...: 118316/118316 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2423 chars diff --git a/test/results/kerberos_fuzz.pcapng.out b/test/results/kerberos_fuzz.pcapng.out index b3f503bd5..f7870872e 100644 --- a/test/results/kerberos_fuzz.pcapng.out +++ b/test/results/kerberos_fuzz.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 813 chars diff --git a/test/results/kontiki.pcap.out b/test/results/kontiki.pcap.out index f773ac29b..8c48ff3a1 100644 --- a/test/results/kontiki.pcap.out +++ b/test/results/kontiki.pcap.out 
@@ -49,9 +49,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5968554 bytes -~~ total memory freed........: 5968554 bytes -~~ total allocations/frees...: 121395/121395 +~~ total memory allocated....: 5971941 bytes +~~ total memory freed........: 5971941 bytes +~~ total allocations/frees...: 121419/121419 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars ~~ json string max len.......: 1778 chars diff --git a/test/results/lisp_registration.pcap.out b/test/results/lisp_registration.pcap.out index 6f7ac7c25..e99ea9ece 100644 --- a/test/results/lisp_registration.pcap.out +++ b/test/results/lisp_registration.pcap.out @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874011 bytes -~~ total memory freed........: 5874011 bytes -~~ total allocations/frees...: 118126/118126 +~~ total memory allocated....: 5877398 bytes +~~ total memory freed........: 5877398 bytes +~~ total allocations/frees...: 118150/118150 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 690 chars diff --git a/test/results/log4j-webapp-exploit.pcap.out b/test/results/log4j-webapp-exploit.pcap.out index 889c761a5..853371b7b 100644 --- a/test/results/log4j-webapp-exploit.pcap.out +++ b/test/results/log4j-webapp-exploit.pcap.out 
@@ -60,9 +60,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5890951 bytes -~~ total memory freed........: 5890951 bytes -~~ total allocations/frees...: 118547/118547 +~~ total memory allocated....: 5894338 bytes +~~ total memory freed........: 5894338 bytes +~~ total allocations/frees...: 118571/118571 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars ~~ json string max len.......: 1057 chars diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out index 19e71c314..ef0dbe20d 100644 --- a/test/results/long_tls_certificate.pcap.out +++ b/test/results/long_tls_certificate.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6264580 bytes -~~ total memory freed........: 6264580 bytes -~~ total allocations/frees...: 118325/118325 +~~ total memory allocated....: 6267967 bytes +~~ total memory freed........: 6267967 bytes +~~ total allocations/frees...: 118349/118349 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 5070 chars diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out index 9b864de8f..bdfa4dc18 100644 --- a/test/results/malformed_dns.pcap.out +++ b/test/results/malformed_dns.pcap.out 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866170 bytes -~~ total memory freed........: 5866170 bytes -~~ total allocations/frees...: 118093/118093 +~~ total memory allocated....: 5869557 bytes +~~ total memory freed........: 5869557 bytes +~~ total allocations/frees...: 118117/118117 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2655 chars diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out index f8b8a1787..4e7e4be40 100644 --- a/test/results/malformed_icmp.pcap.out +++ b/test/results/malformed_icmp.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 443 chars ~~ json string max len.......: 777 chars diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out index ba8942e10..64d6b7360 100644 --- a/test/results/malware.pcap.out +++ b/test/results/malware.pcap.out 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5910175 bytes -~~ total memory freed........: 5910175 bytes -~~ total allocations/frees...: 118186/118186 +~~ total memory allocated....: 5913562 bytes +~~ total memory freed........: 5913562 bytes +~~ total allocations/frees...: 118210/118210 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 2467 chars diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out index e8162720f..016ed0244 100644 --- a/test/results/memcached.cap.out +++ b/test/results/memcached.cap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868287 bytes -~~ total memory freed........: 5868287 bytes -~~ total allocations/frees...: 118096/118096 +~~ total memory allocated....: 5871674 bytes +~~ total memory freed........: 5871674 bytes +~~ total allocations/frees...: 118120/118120 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 688 chars diff --git a/test/results/mgcp.pcapng.out b/test/results/mgcp.pcapng.out index 42425ae37..d9c8f3316 100644 --- a/test/results/mgcp.pcapng.out +++ b/test/results/mgcp.pcapng.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866297 bytes -~~ total memory freed........: 5866297 bytes -~~ total allocations/frees...: 118097/118097 +~~ total memory allocated....: 5869684 bytes +~~ total memory freed........: 5869684 bytes +~~ total allocations/frees...: 118121/118121 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 680 chars 
diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out index e0603067b..8a0714438 100644 --- a/test/results/modbus.pcap.out +++ b/test/results/modbus.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868907 bytes -~~ total memory freed........: 5868907 bytes -~~ total allocations/frees...: 118187/118187 +~~ total memory allocated....: 5872294 bytes +~~ total memory freed........: 5872294 bytes +~~ total allocations/frees...: 118211/118211 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 695 chars diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out index e9a36974e..c96ca37fd 100644 --- a/test/results/monero.pcap.out +++ b/test/results/monero.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5888536 bytes -~~ total memory freed........: 5888536 bytes -~~ total allocations/frees...: 118411/118411 +~~ total memory allocated....: 5891923 bytes +~~ total memory freed........: 5891923 bytes +~~ total allocations/frees...: 118435/118435 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 454 chars ~~ json string max len.......: 926 chars diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out index a85e9c6d4..0095ca937 100644 --- a/test/results/mongodb.pcap.out +++ b/test/results/mongodb.pcap.out 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872908 bytes -~~ total memory freed........: 5872908 bytes -~~ total allocations/frees...: 118125/118125 +~~ total memory allocated....: 5876295 bytes +~~ total memory freed........: 5876295 bytes +~~ total allocations/frees...: 118149/118149 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 817 chars diff --git a/test/results/mpeg-dash.pcap.out b/test/results/mpeg-dash.pcap.out index 892c84c51..f448772e0 100644 --- a/test/results/mpeg-dash.pcap.out +++ b/test/results/mpeg-dash.pcap.out @@ -32,9 +32,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869927 bytes -~~ total memory freed........: 5869927 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 5873314 bytes +~~ total memory freed........: 5873314 bytes +~~ total allocations/frees...: 118140/118140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2405 chars diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out index 84a07c84a..05c861f52 100644 --- a/test/results/mpeg.pcap.out +++ b/test/results/mpeg.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866558 bytes -~~ total memory freed........: 5866558 bytes -~~ total allocations/frees...: 118107/118107 +~~ total memory allocated....: 5869945 bytes +~~ total memory freed........: 5869945 bytes +~~ total allocations/frees...: 118131/118131 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 800 chars 
diff --git a/test/results/mpegts.pcap.out b/test/results/mpegts.pcap.out index 2c802ee11..aff4ea7f6 100644 --- a/test/results/mpegts.pcap.out +++ b/test/results/mpegts.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 2722 chars diff --git a/test/results/mqtt.pcap.out b/test/results/mqtt.pcap.out index cf73c5732..0b8140cc3 100644 --- a/test/results/mqtt.pcap.out +++ b/test/results/mqtt.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867242 bytes -~~ total memory freed........: 5867242 bytes -~~ total allocations/frees...: 118097/118097 +~~ total memory allocated....: 5870629 bytes +~~ total memory freed........: 5870629 bytes +~~ total allocations/frees...: 118121/118121 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 857 chars diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out index 0919a802f..34cf10493 100644 --- a/test/results/mssql_tds.pcap.out +++ b/test/results/mssql_tds.pcap.out 
@@ -66,9 +66,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5917236 bytes -~~ total memory freed........: 5917236 bytes -~~ total allocations/frees...: 118163/118163 +~~ total memory allocated....: 5920623 bytes +~~ total memory freed........: 5920623 bytes +~~ total allocations/frees...: 118187/118187 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out index 32092b195..19952d276 100644 --- a/test/results/mysql-8.pcap.out +++ b/test/results/mysql-8.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866065 bytes -~~ total memory freed........: 5866065 bytes -~~ total allocations/frees...: 118089/118089 +~~ total memory allocated....: 5869452 bytes +~~ total memory freed........: 5869452 bytes +~~ total allocations/frees...: 118113/118113 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 680 chars diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out index bbe3cd89e..d05f4351f 100644 --- a/test/results/nats.pcap.out +++ b/test/results/nats.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871860 bytes -~~ total memory freed........: 5871860 bytes -~~ total allocations/frees...: 118117/118117 +~~ total memory allocated....: 5875247 bytes +~~ total memory freed........: 5875247 bytes +~~ total allocations/frees...: 118141/118141 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 672 chars 
diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out index 432cd785a..7cdb89cd1 100644 --- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -3,10 +3,10 @@ 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 
01989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 
-01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} +01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"4":"DPI"},"proto":"HTTP.SOAP","breed":"Acceptable","category":"RPC"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} 00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1258165452647} 
-00950{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2701,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2701,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.SOAP","breed":"Acceptable","category":"RPC"}} 
00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1258165452688} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866471 bytes -~~ total memory freed........: 5866471 bytes -~~ total allocations/frees...: 118103/118103 +~~ total memory allocated....: 5869858 bytes +~~ total memory freed........: 5869858 bytes +~~ total allocations/frees...: 118127/118127 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 494 chars ~~ json string max len.......: 1994 chars diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out index d25e0d232..6384f945c 100644 --- a/test/results/nest_log_sink.pcap.out +++ b/test/results/nest_log_sink.pcap.out @@ -126,9 +126,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5929483 bytes -~~ total memory freed........: 5929483 bytes -~~ total allocations/frees...: 118919/118919 +~~ total memory allocated....: 5932870 bytes +~~ total memory freed........: 5932870 bytes +~~ total allocations/frees...: 118943/118943 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 805 chars 
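Review bot: The expected classification of flow 1 changes from `"proto":"HTTP"`, `"category":"Web"` to `"proto":"HTTP.SOAP"`, `"category":"RPC"` in both the `detected` and the `end` event, but the commit message records only the libnDPI bump, so this behaviour change is undocumented. Consumers that match on exact `proto` or `category` values (alert rules, allow-lists, dashboards) would stop matching this traffic after the upgrade, even though the two `flow_risk` entries are unchanged. I would add a line to the commit message or changelog such as `nDPI now reports SOAP over HTTP as HTTP.SOAP with category RPC`, and advise downstream rules to match on the master-protocol prefix rather than the full string. Whether the reclassification is intended upstream cannot be told from this hunk.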
diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out index 0b3bf0f05..d03177f03 100644 --- a/test/results/netbios.pcap.out +++ b/test/results/netbios.pcap.out @@ -79,9 +79,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5889985 bytes -~~ total memory freed........: 5889985 bytes -~~ total allocations/frees...: 118388/118388 +~~ total memory allocated....: 5893372 bytes +~~ total memory freed........: 5893372 bytes +~~ total allocations/frees...: 118412/118412 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 806 chars diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out index e524d7bb1..baf54cb9f 100644 --- a/test/results/netbios_wildcard_dns_query.pcap.out +++ b/test/results/netbios_wildcard_dns_query.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 482 chars ~~ json string max len.......: 804 chars diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out index 1c6e35ecd..633376124 100644 --- a/test/results/netflix.pcap.out +++ b/test/results/netflix.pcap.out 
@@ -414,9 +414,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6233315 bytes -~~ total memory freed........: 6233315 bytes -~~ total allocations/frees...: 125505/125505 +~~ total memory allocated....: 6236702 bytes +~~ total memory freed........: 6236702 bytes +~~ total allocations/frees...: 125529/125529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1482 chars diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out index 83f5d0a96..fee2ddf63 100644 --- a/test/results/netflow-fritz.pcap.out +++ b/test/results/netflow-fritz.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 693 chars diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out index afeefbfde..c0761ef82 100644 --- a/test/results/netflowv9.pcap.out +++ b/test/results/netflowv9.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866239 bytes -~~ total memory freed........: 5866239 bytes -~~ total allocations/frees...: 118095/118095 +~~ total memory allocated....: 5869626 bytes +~~ total memory freed........: 5869626 bytes +~~ total allocations/frees...: 118119/118119 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2303 chars diff --git a/test/results/nfsv2.pcap.out b/test/results/nfsv2.pcap.out index 79a276b15..4f0c966cb 100644 --- a/test/results/nfsv2.pcap.out +++ b/test/results/nfsv2.pcap.out @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876665 bytes -~~ total memory freed........: 5876665 bytes -~~ total allocations/frees...: 118259/118259 +~~ total memory allocated....: 5880052 bytes +~~ total memory freed........: 5880052 bytes +~~ total allocations/frees...: 118283/118283 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 814 chars diff --git a/test/results/nfsv3.pcap.out b/test/results/nfsv3.pcap.out index 62510a3ad..439841bc3 100644 --- a/test/results/nfsv3.pcap.out +++ b/test/results/nfsv3.pcap.out @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876885 bytes -~~ total memory freed........: 5876885 bytes -~~ total allocations/frees...: 118234/118234 +~~ total memory allocated....: 5880272 bytes +~~ total memory freed........: 5880272 bytes +~~ total allocations/frees...: 118258/118258 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 814 chars 
diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out index 354082851..5b6596dee 100644 --- a/test/results/nintendo.pcap.out +++ b/test/results/nintendo.pcap.out @@ -138,9 +138,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5927329 bytes -~~ total memory freed........: 5927329 bytes -~~ total allocations/frees...: 119156/119156 +~~ total memory allocated....: 5930716 bytes +~~ total memory freed........: 5930716 bytes +~~ total allocations/frees...: 119180/119180 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1399 chars diff --git a/test/results/nntp.pcap.out b/test/results/nntp.pcap.out index 1b5faa33b..2096b2766 100644 --- a/test/results/nntp.pcap.out +++ b/test/results/nntp.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868925 bytes -~~ total memory freed........: 5868925 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 5872312 bytes +~~ total memory freed........: 5872312 bytes +~~ total allocations/frees...: 118142/118142 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 684 chars diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out index dc46a6de2..2118e4e6a 100644 --- a/test/results/no_sni.pcap.out +++ b/test/results/no_sni.pcap.out 
@@ -64,9 +64,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5926458 bytes -~~ total memory freed........: 5926458 bytes -~~ total allocations/frees...: 119317/119317 +~~ total memory allocated....: 5929845 bytes +~~ total memory freed........: 5929845 bytes +~~ total allocations/frees...: 119341/119341 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 988 chars diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out index e912c8401..ac34b97e9 100644 --- a/test/results/ocs.pcap.out +++ b/test/results/ocs.pcap.out @@ -114,9 +114,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5923743 bytes -~~ total memory freed........: 5923743 bytes -~~ total allocations/frees...: 119106/119106 +~~ total memory allocated....: 5927130 bytes +~~ total memory freed........: 5927130 bytes +~~ total allocations/frees...: 119130/119130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 449 chars ~~ json string max len.......: 1481 chars diff --git a/test/results/ocsp.pcapng.out b/test/results/ocsp.pcapng.out index 308dd400a..a8bee61a9 100644 --- a/test/results/ocsp.pcapng.out +++ b/test/results/ocsp.pcapng.out @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5886845 bytes -~~ total memory freed........: 5886845 bytes -~~ total allocations/frees...: 118504/118504 +~~ total memory allocated....: 5890232 bytes +~~ total memory freed........: 5890232 bytes +~~ total allocations/frees...: 118528/118528 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 908 chars 
diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out index 466adfbb2..2468c3439 100644 --- a/test/results/ookla.pcap.out +++ b/test/results/ookla.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6024747 bytes -~~ total memory freed........: 6024747 bytes -~~ total allocations/frees...: 123178/123178 +~~ total memory allocated....: 6028134 bytes +~~ total memory freed........: 6028134 bytes +~~ total allocations/frees...: 123202/123202 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 695 chars diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out index 40c0a3b54..286186449 100644 --- a/test/results/openvpn.pcap.out +++ b/test/results/openvpn.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878725 bytes -~~ total memory freed........: 5878725 bytes -~~ total allocations/frees...: 118391/118391 +~~ total memory allocated....: 5882112 bytes +~~ total memory freed........: 5882112 bytes +~~ total allocations/frees...: 118415/118415 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 826 chars diff --git a/test/results/oracle12.pcapng.out b/test/results/oracle12.pcapng.out index abf680bae..2ae60361d 100644 --- a/test/results/oracle12.pcapng.out +++ b/test/results/oracle12.pcapng.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868577 bytes -~~ total memory freed........: 5868577 bytes -~~ total allocations/frees...: 118106/118106 +~~ total memory allocated....: 5871964 bytes +~~ total memory freed........: 5871964 bytes +~~ total allocations/frees...: 118130/118130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 658 chars diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out index 1b1ffb00e..010e30022 100644 --- a/test/results/os_detected.pcapng.out +++ b/test/results/os_detected.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876232 bytes -~~ total memory freed........: 5876232 bytes -~~ total allocations/frees...: 118109/118109 +~~ total memory allocated....: 5879619 bytes +~~ total memory freed........: 5879619 bytes +~~ total allocations/frees...: 118133/118133 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2155 chars diff --git a/test/results/ospfv2_add_new_prefix.pcap.out b/test/results/ospfv2_add_new_prefix.pcap.out index 2b0fa3608..1c045d71c 100644 --- a/test/results/ospfv2_add_new_prefix.pcap.out +++ b/test/results/ospfv2_add_new_prefix.pcap.out 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866007 bytes -~~ total memory freed........: 5866007 bytes -~~ total allocations/frees...: 118087/118087 +~~ total memory allocated....: 5869394 bytes +~~ total memory freed........: 5869394 bytes +~~ total allocations/frees...: 118111/118111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 477 chars ~~ json string max len.......: 655 chars diff --git a/test/results/pgm.pcap.out b/test/results/pgm.pcap.out new file mode 100644 index 000000000..8f41e526b --- /dev/null +++ b/test/results/pgm.pcap.out 
@@ -0,0 +1,24 @@ +00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pgm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1654564815455} +00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654564815455,"flow_last_seen":1654564815455,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654564815455,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1654564815455,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1654564815455,"pkt":"AQBeAAEviFH7P19UCABFAAA4C7VAABRxIuMK9ECa6wABL9YlAHsAAEcBCvRAmtYlACQAAaJCAFHoKABR6ecAAQAACvRAmg=="} +00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654564815455,"flow_last_seen":1654564815455,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654564815455,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"4":"DPI"},"proto":"PGM","breed":"Acceptable","category":"Network"}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1654564816295,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1654564816295,"pkt":"AQBeAAEviFH7P19UCABFAABzDnBAABRxH+0K9ECa6wABL9YlAHsEAAH0CvRAmtYlAF8AUenoAFHoKENTQQCABAAAbQAFAFBSSUNFAAAAAAAAAAAAAAAAAAAAAP\/\/AADXyjEBAQAAAAr0QJoAAAAANH8AAAAAAAABAAAAAQAAACoA"} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1654564816316,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1654564816316,"pkt":"AQBeAAEviFH7P19UCABFAABxDoBAABRxH98K9ECa6wABL9YlAHsEAE8tCvRAmtYlAF0AUenpAFHoKENTQQCABAAAbQADAExPRwAAAAAAAAAAAAAAAAAAAAD\/\/wAA18oxAQEAAAAK9ECaAAAAAEJ\/AAAAAAAAAQAAAAEAAAAqAA=="} +00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1000,"flow_first_seen":1654564815455,"flow_last_seen":1654564894361,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":162302,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1654564894361,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PGM","breed":"Acceptable","category":"Network"}} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"pgm.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":1000,"total-skipped-flows":0,"total-l4-data-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1654564894361} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 1000/1000 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 162302 bytes +~~ total detected protocols..: 1 +~~ total active/idle 
flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5898336 bytes +~~ total memory freed........: 5898336 bytes +~~ total allocations/frees...: 119109/119109 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 459 chars +~~ json string max len.......: 653 chars +~~ json string avg len.......: 547 chars diff --git a/test/results/pgsql.pcap.out b/test/results/pgsql.pcap.out index 52a03d00d..68537bf4f 100644 --- a/test/results/pgsql.pcap.out +++ b/test/results/pgsql.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872208 bytes -~~ total memory freed........: 5872208 bytes -~~ total allocations/frees...: 118129/118129 +~~ total memory allocated....: 5875595 bytes +~~ total memory freed........: 5875595 bytes +~~ total allocations/frees...: 118153/118153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 685 chars diff --git a/test/results/pim.pcap.out b/test/results/pim.pcap.out new file mode 100644 index 000000000..a00246f3e --- /dev/null +++ b/test/results/pim.pcap.out 
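Review bot: `l4_proto` is recorded as a bare number in this new expected output (`"l4_proto":113` in the `new`, `detected` and `idle` flow events), and pim.pcap.out further down does the same with `"l4_proto":103`. Other result files in this suite appear to carry a protocol name string in this field for TCP/UDP flows. If so, the key has two types depending on the protocol, and a consumer that filters or compares it as a string would silently skip or mis-bucket PGM and PIM flows. Because these golden files pin the emitted schema, it is worth settling this before they are committed: either emit one type consistently, for example the IP protocol number in a separate key next to a string name, or document the mixed type in the event schema.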
@@ -0,0 +1,24 @@ +00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pim.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655247781655} +00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655247781655,"flow_last_seen":1655247781655,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1655247781655,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":3} 
+00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655247781655,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1655247781655,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKkAAAFns0PAqMvq4AAADSMAIEwBAMCoy+kAAgDSAQAAIOY+QvwAAQAAAQAHIAql5gIBAAAg5jwrAwABAAABAAcgCqXmAg=="} +00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655247781655,"flow_last_seen":1655247781655,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1655247781655,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_PIM","breed":"Acceptable","category":"Network"}} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655247782655,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1655247782655,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKoAAAFns0LAqMvq4AAADSMAIFYBAMCoy+kAAgDSAQAAIOY+QvsAAQAAAQAHIAql5gIBAAAg5jwq+gABAAABAAcgCqXmAg=="} 
+00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655247783655,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1655247783655,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKsAAAFns0HAqMvq4AAADSMALUsBAMCoy+kAAgDSAQAAIOY+QvoAAQAAAQAHIAql5gIBAAAg5jweBgABAAABAAcgCqXmAg=="} +00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1655247781655,"flow_last_seen":1655247790665,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1655247790665,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_PIM","breed":"Acceptable","category":"Network"}} +00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"pim.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1655247790665} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 10/10 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 580 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5869626 bytes +~~ total memory freed........: 5869626 bytes +~~ total allocations/frees...: 118119/118119 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 459 chars +~~ json string max len.......: 648 chars +~~ json string avg len.......: 545 chars diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out index bce77dd50..3c9ead805 100644 --- a/test/results/pinterest.pcap.out +++ b/test/results/pinterest.pcap.out @@ -247,9 +247,9 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7400342 bytes -~~ total memory freed........: 7400342 bytes -~~ total allocations/frees...: 137045/137045 +~~ total memory allocated....: 7403729 bytes +~~ total memory freed........: 7403729 bytes +~~ total allocations/frees...: 137069/137069 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 3224 chars diff --git a/test/results/pluralsight.pcap.out b/test/results/pluralsight.pcap.out index abd7558ec..097164e62 100644 --- a/test/results/pluralsight.pcap.out +++ b/test/results/pluralsight.pcap.out @@ -55,9 +55,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5918431 bytes -~~ total memory freed........: 5918431 bytes -~~ total allocations/frees...: 118190/118190 +~~ total memory allocated....: 5921818 bytes +~~ total memory freed........: 5921818 bytes +~~ total allocations/frees...: 118214/118214 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1313 chars diff --git a/test/results/pop3.pcap.out b/test/results/pop3.pcap.out index df854513b..727f937cd 100644 --- a/test/results/pop3.pcap.out 
+++ b/test/results/pop3.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868911 bytes -~~ total memory freed........: 5868911 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 5872298 bytes +~~ total memory freed........: 5872298 bytes +~~ total allocations/frees...: 118142/118142 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 822 chars diff --git a/test/results/pops.pcapng.out b/test/results/pops.pcapng.out index 9e57fe7c2..5162525cd 100644 --- a/test/results/pops.pcapng.out +++ b/test/results/pops.pcapng.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868150 bytes -~~ total memory freed........: 5868150 bytes -~~ total allocations/frees...: 118092/118092 +~~ total memory allocated....: 5871537 bytes +~~ total memory freed........: 5871537 bytes +~~ total allocations/frees...: 118116/118116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 809 chars diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out index b5619cc1d..3d3cdd740 100644 --- a/test/results/pps.pcap.out +++ b/test/results/pps.pcap.out 
@@ -573,9 +573,9 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6068779 bytes -~~ total memory freed........: 6068779 bytes -~~ total allocations/frees...: 121098/121098 +~~ total memory allocated....: 6072166 bytes +~~ total memory freed........: 6072166 bytes +~~ total allocations/frees...: 121122/121122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars ~~ json string max len.......: 2182 chars diff --git a/test/results/pptp.pcap.out b/test/results/pptp.pcap.out index 890d8efcc..eb568c782 100644 --- a/test/results/pptp.pcap.out +++ b/test/results/pptp.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868693 bytes -~~ total memory freed........: 5868693 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 5872080 bytes +~~ total memory freed........: 5872080 bytes +~~ total allocations/frees...: 118134/118134 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 678 chars diff --git a/test/results/punycode-idn.pcap.out b/test/results/punycode-idn.pcap.out index 341350c3e..358e4c334 100644 --- a/test/results/punycode-idn.pcap.out +++ b/test/results/punycode-idn.pcap.out 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868599 bytes -~~ total memory freed........: 5868599 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 5871986 bytes +~~ total memory freed........: 5871986 bytes +~~ total allocations/frees...: 118138/118138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 790 chars diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out index 1dd73404c..59d4bf786 100644 --- a/test/results/quic-23.pcap.out +++ b/test/results/quic-23.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876711 bytes -~~ total memory freed........: 5876711 bytes -~~ total allocations/frees...: 118126/118126 +~~ total memory allocated....: 5880098 bytes +~~ total memory freed........: 5880098 bytes +~~ total allocations/frees...: 118150/118150 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2206 chars diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out index 5a6347616..30ac58daa 100644 --- a/test/results/quic-24.pcap.out +++ b/test/results/quic-24.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876492 bytes -~~ total memory freed........: 5876492 bytes -~~ total allocations/frees...: 118121/118121 +~~ total memory allocated....: 5879879 bytes +~~ total memory freed........: 5879879 bytes +~~ total allocations/frees...: 118145/118145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2139 chars 
diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out index e50bc5f0e..de959a15e 100644 --- a/test/results/quic-27.pcap.out +++ b/test/results/quic-27.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876873 bytes -~~ total memory freed........: 5876873 bytes -~~ total allocations/frees...: 118127/118127 +~~ total memory allocated....: 5880260 bytes +~~ total memory freed........: 5880260 bytes +~~ total allocations/frees...: 118151/118151 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2279 chars diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out index f74c8197d..2d9e80e0d 100644 --- a/test/results/quic-28.pcap.out +++ b/test/results/quic-28.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883295 bytes -~~ total memory freed........: 5883295 bytes -~~ total allocations/frees...: 118359/118359 +~~ total memory allocated....: 5886682 bytes +~~ total memory freed........: 5886682 bytes +~~ total allocations/frees...: 118383/118383 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2068 chars diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out index 2f21ecdc5..93029a966 100644 --- a/test/results/quic-29.pcap.out +++ b/test/results/quic-29.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876492 bytes -~~ total memory freed........: 5876492 bytes -~~ total allocations/frees...: 118121/118121 +~~ total memory allocated....: 5879879 bytes +~~ total memory freed........: 5879879 bytes +~~ total allocations/frees...: 118145/118145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2140 chars diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out index 2265f3f20..abb23403a 100644 --- a/test/results/quic-33.pcapng.out +++ b/test/results/quic-33.pcapng.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5904891 bytes -~~ total memory freed........: 5904891 bytes -~~ total allocations/frees...: 119098/119098 +~~ total memory allocated....: 5908278 bytes +~~ total memory freed........: 5908278 bytes +~~ total allocations/frees...: 119122/119122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2144 chars diff --git a/test/results/quic-34.pcap.out b/test/results/quic-34.pcap.out index 1cb6fbda0..a789f16e0 100644 --- a/test/results/quic-34.pcap.out +++ b/test/results/quic-34.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876341 bytes -~~ total memory freed........: 5876341 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 5879728 bytes +~~ total memory freed........: 5879728 bytes +~~ total allocations/frees...: 118134/118134 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2142 chars diff --git a/test/results/quic-fuzz-overflow.pcapng.out b/test/results/quic-fuzz-overflow.pcapng.out index 89a7f1f83..824f0f4bc 100644 --- a/test/results/quic-fuzz-overflow.pcapng.out +++ b/test/results/quic-fuzz-overflow.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5865978 bytes -~~ total memory freed........: 5865978 bytes -~~ total allocations/frees...: 118086/118086 +~~ total memory allocated....: 5869365 bytes +~~ total memory freed........: 5869365 bytes +~~ total allocations/frees...: 118110/118110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 476 chars ~~ json string max len.......: 3016 chars diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out index d22cdb1f9..1cec68551 100644 --- a/test/results/quic-mvfst-22.pcap.out +++ b/test/results/quic-mvfst-22.pcap.out 
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5890280 bytes
-~~ total memory freed........: 5890280 bytes
-~~ total allocations/frees...: 118596/118596
+~~ total memory allocated....: 5893667 bytes
+~~ total memory freed........: 5893667 bytes
+~~ total allocations/frees...: 118620/118620
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
 ~~ json string max len.......: 2134 chars
diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out
index ffec3060d..29623b7b4 100644
--- a/test/results/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/quic-mvfst-22_decryption_error.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5886266 bytes
-~~ total memory freed........: 5886266 bytes
-~~ total allocations/frees...: 118457/118457
+~~ total memory allocated....: 5889653 bytes
+~~ total memory freed........: 5889653 bytes
+~~ total allocations/frees...: 118481/118481
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 486 chars
 ~~ json string max len.......: 2110 chars
diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out
index e3b52c746..9e77a11e3 100644
--- a/test/results/quic-mvfst-27.pcapng.out
+++ b/test/results/quic-mvfst-27.pcapng.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876640 bytes
-~~ total memory freed........: 5876640 bytes
-~~ total allocations/frees...: 118126/118126
+~~ total memory allocated....: 5880027 bytes
+~~ total memory freed........: 5880027 bytes
+~~ total allocations/frees...: 118150/118150
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 471 chars
 ~~ json string max len.......: 2203 chars
diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out
index a700794c5..1c3a0fb5c 100644
--- a/test/results/quic-mvfst-exp.pcap.out
+++ b/test/results/quic-mvfst-exp.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876933 bytes
-~~ total memory freed........: 5876933 bytes
-~~ total allocations/frees...: 118136/118136
+~~ total memory allocated....: 5880320 bytes
+~~ total memory freed........: 5880320 bytes
+~~ total allocations/frees...: 118160/118160
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 470 chars
 ~~ json string max len.......: 2153 chars
diff --git a/test/results/quic-v2-01.pcapng.out b/test/results/quic-v2-01.pcapng.out
index 25055c721..0be224bd5 100644
--- a/test/results/quic-v2-01.pcapng.out
+++ b/test/results/quic-v2-01.pcapng.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5902992 bytes
-~~ total memory freed........: 5902992 bytes
-~~ total allocations/frees...: 119029/119029
+~~ total memory allocated....: 5906379 bytes
+~~ total memory freed........: 5906379 bytes
+~~ total allocations/frees...: 119053/119053
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 468 chars
 ~~ json string max len.......: 2141 chars
diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out
index d5aa2c4b0..12e68a795 100644
--- a/test/results/quic.pcap.out
+++ b/test/results/quic.pcap.out
@@ -71,9 +71,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5890516 bytes
-~~ total memory freed........: 5890516 bytes
-~~ total allocations/frees...: 118638/118638
+~~ total memory allocated....: 5893903 bytes
+~~ total memory freed........: 5893903 bytes
+~~ total allocations/frees...: 118662/118662
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 460 chars
 ~~ json string max len.......: 2271 chars
diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out
index caa09f5ad..407dd9739 100644
--- a/test/results/quic046.pcap.out
+++ b/test/results/quic046.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868897 bytes
-~~ total memory freed........: 5868897 bytes
-~~ total allocations/frees...: 118186/118186
+~~ total memory allocated....: 5872284 bytes
+~~ total memory freed........: 5872284 bytes
+~~ total allocations/frees...: 118210/118210
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
 ~~ json string max len.......: 2248 chars
diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out
index fdfb18aa6..c532bfe74 100644
--- a/test/results/quic_0RTT.pcap.out
+++ b/test/results/quic_0RTT.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5874681 bytes
-~~ total memory freed........: 5874681 bytes
-~~ total allocations/frees...: 118108/118108
+~~ total memory allocated....: 5878068 bytes
+~~ total memory freed........: 5878068 bytes
+~~ total allocations/frees...: 118132/118132
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 465 chars
 ~~ json string max len.......: 2139 chars
diff --git a/test/results/quic_crypto_aes_auth_size.pcap.out b/test/results/quic_crypto_aes_auth_size.pcap.out
index d6be42c61..032093045 100644
--- a/test/results/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/quic_crypto_aes_auth_size.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5891979 bytes
-~~ total memory freed........: 5891979 bytes
-~~ total allocations/frees...: 118134/118134
+~~ total memory allocated....: 5895366 bytes
+~~ total memory freed........: 5895366 bytes
+~~ total allocations/frees...: 118158/118158
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 481 chars
 ~~ json string max len.......: 2290 chars
diff --git a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
index 6315ac60d..a26d3b3ff 100644
--- a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5890979 bytes
-~~ total memory freed........: 5890979 bytes
-~~ total allocations/frees...: 118131/118131
+~~ total memory allocated....: 5894366 bytes
+~~ total memory freed........: 5894366 bytes
+~~ total allocations/frees...: 118155/118155
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2186 chars
diff --git a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index d8037c595..baa7c0904 100644
--- a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -532,9 +532,9 @@
 ~~ total active/idle flows...: 113/113
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7678518 bytes
-~~ total memory freed........: 7678518 bytes
-~~ total allocations/frees...: 121312/121312
+~~ total memory allocated....: 7681905 bytes
+~~ total memory freed........: 7681905 bytes
+~~ total allocations/frees...: 121336/121336
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 506 chars
 ~~ json string max len.......: 2328 chars
diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out
index e5ca584ed..1b0af97ce 100644
--- a/test/results/quic_interop_V.pcapng.out
+++ b/test/results/quic_interop_V.pcapng.out
@@ -406,9 +406,9 @@
 ~~ total active/idle flows...: 77/77
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6591355 bytes
-~~ total memory freed........: 6591355 bytes
-~~ total allocations/frees...: 119888/119888
+~~ total memory allocated....: 6594742 bytes
+~~ total memory freed........: 6594742 bytes
+~~ total allocations/frees...: 119912/119912
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 472 chars
 ~~ json string max len.......: 2165 chars
diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out
index 98aaa5c12..74f960d92 100644
--- a/test/results/quic_q39.pcap.out
+++ b/test/results/quic_q39.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5867735 bytes
-~~ total memory freed........: 5867735 bytes
-~~ total allocations/frees...: 118146/118146
+~~ total memory allocated....: 5871122 bytes
+~~ total memory freed........: 5871122 bytes
+~~ total allocations/frees...: 118170/118170
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2247 chars
diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out
index 3b30f1b03..815037a28 100644
--- a/test/results/quic_q43.pcap.out
+++ b/test/results/quic_q43.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866007 bytes
-~~ total memory freed........: 5866007 bytes
-~~ total allocations/frees...: 118087/118087
+~~ total memory allocated....: 5869394 bytes
+~~ total memory freed........: 5869394 bytes
+~~ total allocations/frees...: 118111/118111
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2247 chars
diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out
index d62f2b65b..7e85ba0b0 100644
--- a/test/results/quic_q46.pcap.out
+++ b/test/results/quic_q46.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866573 bytes
-~~ total memory freed........: 5866573 bytes
-~~ total allocations/frees...: 118106/118106
+~~ total memory allocated....: 5869960 bytes
+~~ total memory freed........: 5869960 bytes
+~~ total allocations/frees...: 118130/118130
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2262 chars
diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out
index 7a905a688..b0ee4c692 100644
--- a/test/results/quic_q46_b.pcap.out
+++ b/test/results/quic_q46_b.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866575 bytes
-~~ total memory freed........: 5866575 bytes
-~~ total allocations/frees...: 118106/118106
+~~ total memory allocated....: 5869962 bytes
+~~ total memory freed........: 5869962 bytes
+~~ total allocations/frees...: 118130/118130
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 2343 chars
diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out
index 9180eac02..4098c8534 100644
--- a/test/results/quic_q50.pcap.out
+++ b/test/results/quic_q50.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876890 bytes
-~~ total memory freed........: 5876890 bytes
-~~ total allocations/frees...: 118125/118125
+~~ total memory allocated....: 5880277 bytes
+~~ total memory freed........: 5880277 bytes
+~~ total allocations/frees...: 118149/118149
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2270 chars
diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out
index 1dd28f0d8..01b903765 100644
--- a/test/results/quic_t50.pcap.out
+++ b/test/results/quic_t50.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876677 bytes
-~~ total memory freed........: 5876677 bytes
-~~ total allocations/frees...: 118119/118119
+~~ total memory allocated....: 5880064 bytes
+~~ total memory freed........: 5880064 bytes
+~~ total allocations/frees...: 118143/118143
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2279 chars
diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out
index e549b74d9..df9524f60 100644
--- a/test/results/quic_t51.pcap.out
+++ b/test/results/quic_t51.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5894950 bytes
-~~ total memory freed........: 5894950 bytes
-~~ total allocations/frees...: 118749/118749
+~~ total memory allocated....: 5898337 bytes
+~~ total memory freed........: 5898337 bytes
+~~ total allocations/frees...: 118773/118773
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2272 chars
diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out
index a96afc6a4..d075bcc4e 100644
--- a/test/results/quickplay.pcap.out
+++ b/test/results/quickplay.pcap.out
@@ -127,9 +127,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5896298 bytes
-~~ total memory freed........: 5896298 bytes
-~~ total allocations/frees...: 118353/118353
+~~ total memory allocated....: 5899685 bytes
+~~ total memory freed........: 5899685 bytes
+~~ total allocations/frees...: 118377/118377
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 465 chars
 ~~ json string max len.......: 2367 chars
diff --git a/test/results/radius_false_positive.pcapng.out b/test/results/radius_false_positive.pcapng.out
index 0cd1a21d8..6e834f6ac 100644
--- a/test/results/radius_false_positive.pcapng.out
+++ b/test/results/radius_false_positive.pcapng.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866239 bytes
-~~ total memory freed........: 5866239 bytes
-~~ total allocations/frees...: 118095/118095
+~~ total memory allocated....: 5869626 bytes
+~~ total memory freed........: 5869626 bytes
+~~ total allocations/frees...: 118119/118119
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 479 chars
 ~~ json string max len.......: 2155 chars
diff --git a/test/results/raknet.pcap.out b/test/results/raknet.pcap.out
index 7957e5321..9cc25ff9f 100644
--- a/test/results/raknet.pcap.out
+++ b/test/results/raknet.pcap.out
@@ -76,9 +76,9 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5879215 bytes
-~~ total memory freed........: 5879215 bytes
-~~ total allocations/frees...: 118184/118184
+~~ total memory allocated....: 5882602 bytes
+~~ total memory freed........: 5882602 bytes
+~~ total allocations/frees...: 118208/118208
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 458 chars
 ~~ json string max len.......: 2398 chars
diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out
index eb810cf5f..9d713b32a 100644
--- a/test/results/rdp.pcap.out
+++ b/test/results/rdp.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5924249 bytes
-~~ total memory freed........: 5924249 bytes
-~~ total allocations/frees...: 120096/120096
+~~ total memory allocated....: 5927636 bytes
+~~ total memory freed........: 5927636 bytes
+~~ total allocations/frees...: 120120/120120
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 436 chars
 ~~ json string max len.......: 820 chars
diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out
index c5f092049..869343687 100644
--- a/test/results/reasm_crash_anon.pcapng.out
+++ b/test/results/reasm_crash_anon.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5878719 bytes
-~~ total memory freed........: 5878719 bytes
-~~ total allocations/frees...: 118297/118297
+~~ total memory allocated....: 5882106 bytes
+~~ total memory freed........: 5882106 bytes
+~~ total allocations/frees...: 118321/118321
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 474 chars
 ~~ json string max len.......: 657 chars
diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out
index dc9359289..c351f5980 100644
--- a/test/results/reasm_segv_anon.pcapng.out
+++ b/test/results/reasm_segv_anon.pcapng.out
@@ -71,9 +71,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868327 bytes
-~~ total memory freed........: 5868327 bytes
-~~ total allocations/frees...: 118167/118167
+~~ total memory allocated....: 5871714 bytes
+~~ total memory freed........: 5871714 bytes
+~~ total allocations/frees...: 118191/118191
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 244 chars
 ~~ json string max len.......: 703 chars
diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out
index 8e4b105eb..d4f49f4f3 100644
--- a/test/results/reddit.pcap.out
+++ b/test/results/reddit.pcap.out
@@ -453,9 +453,9 @@
 ~~ total active/idle flows...: 60/60
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6495175 bytes
-~~ total memory freed........: 6495175 bytes
-~~ total allocations/frees...: 130258/130258
+~~ total memory allocated....: 6498562 bytes
+~~ total memory freed........: 6498562 bytes
+~~ total allocations/frees...: 130282/130282
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
 ~~ json string max len.......: 1464 chars
diff --git a/test/results/rsh-syslog-false-positive.pcap.out b/test/results/rsh-syslog-false-positive.pcap.out
index f4829e88b..b8fc93a8a 100644
--- a/test/results/rsh-syslog-false-positive.pcap.out
+++ b/test/results/rsh-syslog-false-positive.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868229 bytes
-~~ total memory freed........: 5868229 bytes
-~~ total allocations/frees...: 118094/118094
+~~ total memory allocated....: 5871616 bytes
+~~ total memory freed........: 5871616 bytes
+~~ total allocations/frees...: 118118/118118
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 256 chars
 ~~ json string max len.......: 1642 chars
diff --git a/test/results/rsh.pcap.out b/test/results/rsh.pcap.out
index d98771250..f20ab181f 100644
--- a/test/results/rsh.pcap.out
+++ b/test/results/rsh.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5871859 bytes
-~~ total memory freed........: 5871859 bytes
-~~ total allocations/frees...: 118116/118116
+~~ total memory allocated....: 5875246 bytes
+~~ total memory freed........: 5875246 bytes
+~~ total allocations/frees...: 118140/118140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
 ~~ json string max len.......: 788 chars
diff --git a/test/results/rsync.pcap.out b/test/results/rsync.pcap.out
index 11b606473..9813df1dc 100644
--- a/test/results/rsync.pcap.out
+++ b/test/results/rsync.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868867 bytes
-~~ total memory freed........: 5868867 bytes
-~~ total allocations/frees...: 118116/118116
+~~ total memory allocated....: 5872254 bytes
+~~ total memory freed........: 5872254 bytes
+~~ total allocations/frees...: 118140/118140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
 ~~ json string max len.......: 681 chars
diff --git a/test/results/rtmp.pcap.out b/test/results/rtmp.pcap.out
index 0410da435..39aad62e5 100644
--- a/test/results/rtmp.pcap.out
+++ b/test/results/rtmp.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868751 bytes
-~~ total memory freed........: 5868751 bytes
-~~ total allocations/frees...: 118112/118112
+~~ total memory allocated....: 5872138 bytes
+~~ total memory freed........: 5872138 bytes
+~~ total allocations/frees...: 118136/118136
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 452 chars
 ~~ json string max len.......: 684 chars
diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out
index d917aa80a..0ef707841 100644
--- a/test/results/rtsp.pcap.out
+++ b/test/results/rtsp.pcap.out
@@ -51,9 +51,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5903001 bytes
-~~ total memory freed........: 5903001 bytes
-~~ total allocations/frees...: 118679/118679
+~~ total memory allocated....: 5906388 bytes
+~~ total memory freed........: 5906388 bytes
+~~ total allocations/frees...: 118703/118703
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 460 chars
 ~~ json string max len.......: 804 chars
diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out
index ad893fa0e..af81a1562 100644
--- a/test/results/rtsp_setup_http.pcapng.out
+++ b/test/results/rtsp_setup_http.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868078 bytes
-~~ total memory freed........: 5868078 bytes
-~~ total allocations/frees...: 118088/118088
+~~ total memory allocated....: 5871465 bytes
+~~ total memory freed........: 5871465 bytes
+~~ total allocations/frees...: 118112/118112
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 473 chars
 ~~ json string max len.......: 818 chars
diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out
index 48af5a7ca..da7c89386 100644
--- a/test/results/rx.pcap.out
+++ b/test/results/rx.pcap.out
@@ -39,9 +39,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5873905 bytes
-~~ total memory freed........: 5873905 bytes
-~~ total allocations/frees...: 118229/118229
+~~ total memory allocated....: 5877292 bytes
+~~ total memory freed........: 5877292 bytes
+~~ total allocations/frees...: 118253/118253
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 458 chars
 ~~ json string max len.......: 1899 chars
diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out
index 17c6dcb5d..c3d4e3bfd 100644
--- a/test/results/s7comm.pcap.out
+++ b/test/results/s7comm.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5867544 bytes
-~~ total memory freed........: 5867544 bytes
-~~ total allocations/frees...: 118140/118140
+~~ total memory allocated....: 5870931 bytes
+~~ total memory freed........: 5870931 bytes
+~~ total allocations/frees...: 118164/118164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
 ~~ json string max len.......: 685 chars
diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out
index 6412df29c..a98872da8 100644
--- a/test/results/safari.pcap.out
+++ b/test/results/safari.pcap.out
@@ -60,9 +60,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6073704 bytes
-~~ total memory freed........: 6073704 bytes
-~~ total allocations/frees...: 124146/124146
+~~ total memory allocated....: 6077091 bytes
+~~ total memory freed........: 6077091 bytes
+~~ total allocations/frees...: 124170/124170
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
 ~~ json string max len.......: 1220 chars
diff --git a/test/results/salesforce.pcap.out b/test/results/salesforce.pcap.out
index 5f5b6e0a6..00bea2e69 100644
--- a/test/results/salesforce.pcap.out
+++ b/test/results/salesforce.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5874815 bytes
-~~ total memory freed........: 5874815 bytes
-~~ total allocations/frees...: 118108/118108
+~~ total memory allocated....: 5878202 bytes
+~~ total memory freed........: 5878202 bytes
+~~ total allocations/frees...: 118132/118132
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 1259 chars
diff --git a/test/results/sccp_hw_conf_register.pcapng.out b/test/results/sccp_hw_conf_register.pcapng.out
index c29343480..78ff937fc 100644
--- a/test/results/sccp_hw_conf_register.pcapng.out
+++ b/test/results/sccp_hw_conf_register.pcapng.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868490 bytes
-~~ total memory freed........: 5868490 bytes
-~~ total allocations/frees...: 118103/118103
+~~ total memory allocated....: 5871877 bytes
+~~ total memory freed........: 5871877 bytes
+~~ total allocations/frees...: 118127/118127
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
 ~~ json string max len.......: 707 chars
diff --git a/test/results/sctp.cap.out b/test/results/sctp.cap.out
index 6ec68a8a8..2523bf03d 100644
--- a/test/results/sctp.cap.out
+++ b/test/results/sctp.cap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5867097 bytes
-~~ total memory freed........: 5867097 bytes
-~~ total allocations/frees...: 118092/118092
+~~ total memory allocated....: 5870484 bytes
+~~ total memory freed........: 5870484 bytes
+~~ total allocations/frees...: 118116/118116
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
 ~~ json string max len.......: 640 chars
diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out
index 852247d33..0f77b0d3b 100644
--- a/test/results/selfsigned.pcap.out
+++ b/test/results/selfsigned.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876937 bytes
-~~ total memory freed........: 5876937 bytes
-~~ total allocations/frees...: 118113/118113
+~~ total memory allocated....: 5880324 bytes
+~~ total memory freed........: 5880324 bytes
+~~ total allocations/frees...: 118137/118137
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
 ~~ json string max len.......: 1401 chars
diff --git a/test/results/sflow.pcap.out b/test/results/sflow.pcap.out
index be8128b99..c3700b489 100644
--- a/test/results/sflow.pcap.out
+++ b/test/results/sflow.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866210 bytes
-~~ total memory freed........: 5866210 bytes
-~~ total allocations/frees...: 118094/118094
+~~ total memory allocated....: 5869597 bytes
+~~ total memory freed........: 5869597 bytes
+~~ total allocations/frees...: 118118/118118
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
 ~~ json string max len.......: 685 chars
diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out
index a5b9f2358..691c3c989 100644
--- a/test/results/signal.pcap.out
+++ b/test/results/signal.pcap.out
@@ -143,9 +143,9 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5960674 bytes
-~~ total memory freed........: 5960674 bytes
-~~ total allocations/frees...: 118862/118862
+~~ total memory allocated....: 5964061 bytes
+~~ total memory freed........: 5964061 bytes
+~~ total allocations/frees...: 118886/118886
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
 ~~ json string max len.......: 1427 chars
diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out
index c2c408b3c..1d1c0595f 100644
--- a/test/results/simple-dnscrypt.pcap.out
+++ b/test/results/simple-dnscrypt.pcap.out
@@ -41,9 +41,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5961712 bytes
-~~ total memory freed........: 5961712 bytes
-~~ total allocations/frees...: 118247/118247
+~~ total memory allocated....: 5965099 bytes
+~~ total memory freed........: 5965099 bytes
+~~ total allocations/frees...: 118271/118271
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
 ~~ json string max len.......: 1269 chars
diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out
index d590a04e0..3129a9a3e 100644
--- a/test/results/sip.pcap.out
+++ b/test/results/sip.pcap.out
@@ -40,9 +40,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5872293 bytes
-~~ total memory freed........: 5872293 bytes
-~~ total allocations/frees...: 118206/118206
+~~ total memory allocated....: 5875680 bytes
+~~ total memory freed........: 5875680 bytes
+~~ total allocations/frees...: 118230/118230
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
 ~~ json string max len.......: 1532 chars
diff --git a/test/results/sites.pcapng.out b/test/results/sites.pcapng.out
index 4276cc67f..4678dfc96 100644
--- a/test/results/sites.pcapng.out
+++ b/test/results/sites.pcapng.out
@@ -344,9 +344,9 @@
 ~~ total active/idle flows...: 47/47
 ~~ total timeout flows.......: 4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6242894 bytes
-~~ total memory freed........: 6242894 bytes
-~~ total allocations/frees...: 119202/119202
+~~ total memory allocated....: 6246281 bytes
+~~ total memory freed........: 6246281 bytes
+~~ total allocations/frees...: 119226/119226
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
 ~~ json string max len.......: 2306 chars
diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out
index e0f3ea882..52834c55b 100644
--- a/test/results/skype-conference-call.pcap.out
+++ b/test/results/skype-conference-call.pcap.out
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879957 bytes -~~ total memory freed........: 5879957 bytes -~~ total allocations/frees...: 118287/118287 +~~ total memory allocated....: 5883344 bytes +~~ total memory freed........: 5883344 bytes +~~ total allocations/frees...: 118311/118311 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 477 chars ~~ json string max len.......: 850 chars diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out index 732c24396..e1a1e8d70 100644 --- a/test/results/skype.pcap.out +++ b/test/results/skype.pcap.out @@ -1473,9 +1473,9 @@ ~~ total active/idle flows...: 293/293 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6592778 bytes -~~ total memory freed........: 6592778 bytes -~~ total allocations/frees...: 122185/122185 +~~ total memory allocated....: 6596165 bytes +~~ total memory freed........: 6596165 bytes +~~ total allocations/frees...: 122209/122209 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars ~~ json string max len.......: 1773 chars diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out index 534e606e5..5b92f559e 100644 --- a/test/results/skype_no_unknown.pcap.out +++ b/test/results/skype_no_unknown.pcap.out 
@@ -1299,9 +1299,9 @@ ~~ total active/idle flows...: 267/267 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6430012 bytes -~~ total memory freed........: 6430012 bytes -~~ total allocations/frees...: 121071/121071 +~~ total memory allocated....: 6433399 bytes +~~ total memory freed........: 6433399 bytes +~~ total allocations/frees...: 121095/121095 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 197 chars ~~ json string max len.......: 1776 chars diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out index a8f29297a..7304ac381 100644 --- a/test/results/skype_udp.pcap.out +++ b/test/results/skype_udp.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866094 bytes -~~ total memory freed........: 5866094 bytes -~~ total allocations/frees...: 118090/118090 +~~ total memory allocated....: 5869481 bytes +~~ total memory freed........: 5869481 bytes +~~ total allocations/frees...: 118114/118114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 672 chars diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out index aebaf602f..1d45784c0 100644 --- a/test/results/smb_deletefile.pcap.out +++ b/test/results/smb_deletefile.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868878 bytes -~~ total memory freed........: 5868878 bytes -~~ total allocations/frees...: 118186/118186 +~~ total memory allocated....: 5872265 bytes +~~ total memory freed........: 5872265 bytes +~~ total allocations/frees...: 118210/118210 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1139 chars diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out index 60191c96b..0467588e0 100644 --- a/test/results/smbv1.pcap.out +++ b/test/results/smbv1.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868233 bytes -~~ total memory freed........: 5868233 bytes -~~ total allocations/frees...: 118095/118095 +~~ total memory allocated....: 5871620 bytes +~~ total memory freed........: 5871620 bytes +~~ total allocations/frees...: 118119/118119 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1034 chars diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out index ff2dc8596..335274e3d 100644 --- a/test/results/smpp_in_general.pcap.out +++ b/test/results/smpp_in_general.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868490 bytes -~~ total memory freed........: 5868490 bytes -~~ total allocations/frees...: 118103/118103 +~~ total memory allocated....: 5871877 bytes +~~ total memory freed........: 5871877 bytes +~~ total allocations/frees...: 118127/118127 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 694 chars diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out index ba5d261f5..05bbbc842 100644 --- a/test/results/smtp-starttls.pcap.out +++ b/test/results/smtp-starttls.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866993 bytes -~~ total memory freed........: 5866993 bytes -~~ total allocations/frees...: 118121/118121 +~~ total memory allocated....: 5870380 bytes +~~ total memory freed........: 5870380 bytes +~~ total allocations/frees...: 118145/118145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 691 chars diff --git a/test/results/smtp.pcap.out b/test/results/smtp.pcap.out index 37435162e..7272058cc 100644 --- a/test/results/smtp.pcap.out +++ b/test/results/smtp.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870752 bytes -~~ total memory freed........: 5870752 bytes -~~ total allocations/frees...: 118181/118181 +~~ total memory allocated....: 5874139 bytes +~~ total memory freed........: 5874139 bytes +~~ total allocations/frees...: 118205/118205 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 680 chars diff --git a/test/results/smtps.pcapng.out b/test/results/smtps.pcapng.out index b80d44835..0d3fbd2e9 100644 --- a/test/results/smtps.pcapng.out +++ b/test/results/smtps.pcapng.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868121 bytes -~~ total memory freed........: 5868121 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5871508 bytes +~~ total memory freed........: 5871508 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1151 chars diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out index a52af507e..042bebd0c 100644 --- a/test/results/snapchat.pcap.out +++ b/test/results/snapchat.pcap.out @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875807 bytes -~~ total memory freed........: 5875807 bytes -~~ total allocations/frees...: 118153/118153 +~~ total memory allocated....: 5879194 bytes +~~ total memory freed........: 5879194 bytes +~~ total allocations/frees...: 118177/118177 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1113 chars 
diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out index 4ec8003e3..af8f08eb8 100644 --- a/test/results/snapchat_call.pcapng.out +++ b/test/results/snapchat_call.pcapng.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867399 bytes -~~ total memory freed........: 5867399 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 5870786 bytes +~~ total memory freed........: 5870786 bytes +~~ total allocations/frees...: 118159/118159 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 2286 chars diff --git a/test/results/snmp.pcap.out b/test/results/snmp.pcap.out index 25a06bbc2..5c6a0605b 100644 --- a/test/results/snmp.pcap.out +++ b/test/results/snmp.pcap.out @@ -114,9 +114,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5884576 bytes -~~ total memory freed........: 5884576 bytes -~~ total allocations/frees...: 118207/118207 +~~ total memory allocated....: 5887963 bytes +~~ total memory freed........: 5887963 bytes +~~ total allocations/frees...: 118231/118231 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1911 chars diff --git a/test/results/soap.pcap.out b/test/results/soap.pcap.out new file mode 100644 index 000000000..c54f57789 --- /dev/null +++ b/test/results/soap.pcap.out 
@@ -0,0 +1,35 @@ +00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"soap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"soap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946731321416} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946731321416,"flow_last_seen":946731321416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946731321416,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946731321416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946731321416,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946731321441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946731321441,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} +02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946731323902,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946731323902,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtJAAH8GH57AqAJkFwLVpcO0AFABqsQz6c\/N2FAYAQQJEwAAOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBWAEkARAAmAGEAbQBwADsAMAAwADAAMQAwADAANQA3AF8AUABJAEQAJgBhAG0AcAA7ADAAMAAyADMAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADgAMAAxAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAFYASQBEACYAYQBtAHAAOwAwADAAMAAxADAAMAA1ADcAXwBQAEkARAAmAGEAbQBwADsAMAAwADIAMwA8AC8AaAB3AGkAZAA+ADwAaAB3AGkAZAA+AEQATwBJAEQAOgBCAFQASABFAE4AVQBNAFwAewAwADAAMAAwADEAMQAwAGIALQAwADAAMAAwAC0AMQAwADAAMAAtADgAMAAwADAALQAwADAAOAAwADUAZgA5AGIAMwA0AGYAYgB9AF8ATABPAEMAQQBMAE0ARgBHACYAYQBtAHAAOwAwADAAMAAyADwALwBoAHcAaQBkAD4AP
ABoAHcAaQBkAD4ARABPAEkARAA6AEIAVABIAEUATgBVAE0AXAB7ADAAMAAwADAAMQAxADAAMQAtADAAMAAwADAALQAxADAAMAAwAC0AOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBMAE8AQwBBAEwATQBGAEcAJgBhAG0AcAA7ADAAMAAwADIAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADEAMABjAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAEwATwBDAEEATABNAEYARwAmAGEAbQBwADsAMAAwADAAMgA8AC8AaAB3AGkAZAA+ADwAaAB3AGkAZAA+AEQATwBJAEQAOgBCAFQASABFAE4AVQBNAFwAewAwADAAMAAwADEAMQAwAGUALQAwADAAMAAwAC0AMQAwADAAMAAtADgAMAAwADAALQAwADAAOAAwADUAZgA5AGIAMwA0AGYAYgB9AF8ATABPAEMAQQBMAE0ARgBHACYAYQBtAHAAOwAwADAAMAAyADwALwBoAHcAaQBkAD4APABoAHcAaQBkAD4ARABPAEkARAA6AEIAVABIAEUATgBVAE0AXAB7ADAAMAAwADAAMQAxADEAZQAtADAAMAAwADAALQAxADAAMAAwAC0AOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBMAE8AQwBBAEwATQBGAEcAJgBhAG0AcAA7ADAAMAAwADIAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADgAMAAxAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAEwATwBDAEEATABNAEYARwAmAGEAbQBwADsAMAAwADAAMgA8AC8AaAB3AGkAZAA+ADwALwBoAHcAaQBkAHMAPgA8AC8AZwBkAG0AZABoAHcAaQBkAD4APAAvAEgAVwBJAEQAUgBlAHEAdQBlAHMAdABzAD4APAAvAEQAZQB2AGkAYwBlAE0AZQB0AGEAZABhAHQAYQBCAGEAdABjAGgAUgBlAHEAdQBlAHMAdAA+ADwALwBzADoAQgBvAGQAeQA+ADwALwBzADoARQBuAHYAZQBsAG8AcABlAD4A"} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":946731321416,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2904,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946731326059,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946731326059,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\/AD4APABzADoARQBuAHYAZQBsAG8AcABlACAAeABtAGwAbgBzADoAcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AeABtAGwAcwBvAGEAcAAuAG8AcgBnAC8AcwBvAGEAcAAvAGUAbgB2AGUAbABvAHAAZQAvACIAPgA8AHMAOgBIAGUAYQBkAGUAcgA+ADwAaAA6AGMAZAAgAHgAbQBsAG4AcwA6AGgAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGkAbgBkAG8AdwBzAG0AZQB0AGEAZABhAHQAYQAvAHMAZQByAHYAaQBjAGUAcwAvADIAMAAw
ADcALwAwADkALwAxADgALwBkAG0AcwAiAD4APABoADoAYwB2AD4AMQAwAC4AMAAuADEAOQAwADQAMwA8AC8AaAA6AGMAdgA+ADwAaAA6AGMAYwA+AEQARQBVADwALwBoADoAYwBjAD4APAAvAGgAOgBjAGQAPgA8AC8AcwA6AEgAZQBhAGQAZQByAD4APABzADoAQgBvAGQAeQA+ADwARABlAHYAaQBjAGUATQBlAHQAYQBkAGEAdABhAEIAYQB0AGMAaABSAGUAcQB1AGUAcwB0ACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8AdwBpAG4AZABvAHcAcwBtAGUAdABhAGQAYQB0AGEALwBzAGUAcgB2AGkAYwBlAHMALwAyADAAMAA3AC8AMAA5AC8AMQA4AC8AZABtAHMAIgA+ADwATABvAGMATABpAHMAdAA+ADwAbABvAGMAPgBNAHUAbAB0AGkATABvAGMAPAAvAGwAbwBjAD4APABsAG8AYwA+AGQAZQAtAEQARQA8AC8AbABvAGMAPgA8AGwAbwBjAD4AZABlADwALwBsAG8AYwA+ADwALwBMAG8AYwBMAGkAcwB0AD4APABNAEkARABSAGUAcQB1AGUAcwB0AHMAPgA8AGcAZABtAGQAbQBpAGQAPgA8AHIAaQBkAD4ANwA8AC8AcgBpAGQAPgA8AG0AaQBkAD4AQQBGAEYANABCAEQAMgAxAC0ARgBGADIANgAtADUAMQBGADYALQA4ADMANgA1AC0AMQA3ADgAOAA1AEYAMwA4ADYAQwA3AEQAPAAvAG0AaQBkAD4APAAvAGcAZABtAGQAbQBpAGQAPgA8AC8ATQBJAEQAUgBlAHEAdQBlAHMAdABzAD4APABIAFcASQBEAFIAZQBxAHUAZQBzAHQA"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP.Microsoft","breed":"Safe","category":"Cloud"}} 
+00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"soap.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639054092487} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054092487,"flow_last_seen":1639054092487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639054092487,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639054092487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1639054092487,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 
+02098{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639054092538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_msec":1639054092538,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEbm5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUtDQitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZ
wdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639054092687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_msec":1639054092687,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1639054092487,"flow_last_seen":1639054092826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1227,"flow_tot_l4_payload_len":3642,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1639054092487,"flow_last_seen":1639054092826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1227,"flow_tot_l4_payload_len":3642,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP.Microsoft","breed":"Safe","category":"Cloud"}} +00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946731321416,"flow_last_seen":946731326431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4652,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1639054092826} 
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 20/20 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 9746 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5882391 bytes +~~ total memory freed........: 5882391 bytes +~~ total allocations/frees...: 118142/118142 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 460 chars +~~ json string max len.......: 2394 chars +~~ json string avg len.......: 1426 chars diff --git a/test/results/socks-http-example.pcap.out b/test/results/socks-http-example.pcap.out index 92c0859b9..0f8660139 100644 --- a/test/results/socks-http-example.pcap.out +++ b/test/results/socks-http-example.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875491 bytes -~~ total memory freed........: 5875491 bytes -~~ total allocations/frees...: 118140/118140 +~~ total memory allocated....: 5878878 bytes +~~ total memory freed........: 5878878 bytes +~~ total allocations/frees...: 118164/118164 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 474 chars ~~ json string max len.......: 699 chars diff --git a/test/results/softether-http.pcap.out b/test/results/softether-http.pcap.out index 16c6eaebc..818eab4bd 100644 --- a/test/results/softether-http.pcap.out +++ b/test/results/softether-http.pcap.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866271 bytes -~~ total memory freed........: 5866271 bytes -~~ total allocations/frees...: 118093/118093 +~~ total memory allocated....: 5869658 bytes +~~ total memory freed........: 5869658 bytes +~~ total allocations/frees...: 118117/118117 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 948 chars diff --git a/test/results/someip-tp.pcap.out b/test/results/someip-tp.pcap.out index fa05c9788..f3188c5a6 100644 --- a/test/results/someip-tp.pcap.out +++ b/test/results/someip-tp.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866210 bytes -~~ total memory freed........: 5866210 bytes -~~ total allocations/frees...: 118094/118094 +~~ total memory allocated....: 5869597 bytes +~~ total memory freed........: 5869597 bytes +~~ total allocations/frees...: 118118/118118 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2358 chars diff --git a/test/results/someip-udp-method-call.pcapng.out b/test/results/someip-udp-method-call.pcapng.out index c9e4c1e9b..72a13884f 100644 --- a/test/results/someip-udp-method-call.pcapng.out +++ b/test/results/someip-udp-method-call.pcapng.out 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867068 bytes -~~ total memory freed........: 5867068 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5870455 bytes +~~ total memory freed........: 5870455 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 480 chars ~~ json string max len.......: 898 chars diff --git a/test/results/someip_sd_sample.pcap.out b/test/results/someip_sd_sample.pcap.out index 464021589..ce0c66829 100644 --- a/test/results/someip_sd_sample.pcap.out +++ b/test/results/someip_sd_sample.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5864917 bytes -~~ total memory freed........: 5864917 bytes -~~ total allocations/frees...: 118082/118082 +~~ total memory allocated....: 5868304 bytes +~~ total memory freed........: 5868304 bytes +~~ total allocations/frees...: 118106/118106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 209 chars ~~ json string max len.......: 561 chars diff --git a/test/results/sql_injection.pcap.out b/test/results/sql_injection.pcap.out new file mode 100644 index 000000000..2ca28f673 --- /dev/null +++ b/test/results/sql_injection.pcap.out 
@@ -0,0 +1,24 @@ +00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sql_injection.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655243907401} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243907401,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":1,"thread_ts_msec":1655243907401,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":757,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":757,"pkt_l4_len":723,"thread_ts_msec":1655243907401,"pkt":"FE+Kc3lP4CvpcxhCCABFAALnBMxAAEAGqxzAqANtwKgDa9EYAFBtgZhQ14snP4AYAfYjSgAAAQEICpBN+1KzuubyR0VUIC9EVldBLW1hc3Rlci92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9JTNGaWQlM0RhJTI3K1VOSU9OK1NFTEVDVCslMjJ0ZXh0MSUyMiUyQyUyMnRleHQyJTIyJTNCLS0rLSUyNlN1Ym1pdCUzRFN1Ym1pdCZTdWJtaXQ9U3VibWl0IEhUVFAvMS4xDQpIb3N0OiAxOTIuMTY4LjMuMTA3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDIuMC4wLjAgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgsYXBwbGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkNClJlZmVyZXI6IGh0dHA6Ly8xOTIuMTY4LjMuMTA3L0RWV0EtbWFzdGVyL3Z1bG5lcmFiaWxpdGllcy9zcWxpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGl0LUlULGl0O3E9MC45LGVuLVVTO3E9MC44LGVuO3E9MC43DQpDb29raWU6IFBIUFNFU1NJRD11YTdvdW1xY2g0aDJxZWx1YnB2bzIxZGVjNjsgc2VjdXJpdHk9bG93DQoNCg=="} +01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243907401,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":1,"thread_ts_msec":1655243907401,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.3.107","url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36"}} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655243907401,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA0VvpAAEAGW6HAqANrwKgDbQBQ0RjXiyc\/bYGbA4AQAfhcQgAAAQEICrO7eEWQTftS"} 
+02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655243907402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1655243907402,"pkt":"4CvpcxhCFE+Kc3lPCABFAAXcVvtAAEAGVfjAqANrwKgDbQBQ0RjXiyc\/bYGbA4AQAfjDwgAAAQEICrO7eEeQTftSSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUdWUsIDE0IEp1biAyMDIyIDIxOjU4OjI3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjQxIChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTM3NQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOlWP9P2zgU\/7lI+x98Pmls0yU+kE46sSQTUBg9sY0tsN1JJ1VO4rYGJ\/Fsp13vr79nO2kDg5UVCRH7+fnj5\/fdjX4Zfji+\/OfiBM1MKZKdnch+kaDVNMasCt4eYSAOohmjRbIzGEQlMxR4jQzY14bPY3xcV4ZVJrhcSoZR7mcxNuybIRbrNcpnVGlm4qvL0+BPjIgFHESGG8GSz42omKIZF9wsD1D68RyNqmuWG15X6OAADWlZoY5JMPSFZehQSsFz6lheDD9\/OXyJ5nvh3u\/o1ZDNmahlCRK8iog\/wR0meHWDFBMx1mYpmJ4xZjAyIHIraa41RjPFJjEOQwJ\/xXxBLZWUlFehWyZ3sTjctkP5l5d0ygiQbuNM6NyyhW6hRdC54tL0j7+mc+qpGGmV3xLiWrvvBcCH1xonEfGczi7EGwZGWV0sUS6o1jGe1SXDzlwFnyNexNjaBS7ClDNnb8HuX1EHES+n3wngbqaJqKd1KKspRlSAgTdYprssiAhH3TnU6nQMVmpW5363Mpa0KFjhbgHrjejuZhePRJ3fWFUI3pFhQm8pPsTJGaghIhQ0Jniy8yNmXmmjGud1OpQziZNRj\/I4DHDxRvrNqR0igj4xIKLhUQ+ANCLZ4jbzXpxwMEamGsMITo7sF53WKn\/kTe8CsW8sB5zjuixpVayDbzu0XKuJRUs\/nW4HMOEkfCPB32Je5aIpmFfoKQcPG1mK3lq2RoqaFqQFu3KzLW9JpYGkRpyXsLxRDB0fXlwenx3ei6eZAJ1aX96Aq78KDqC3kuB2ElqkcQaZqriLh14cWfLL7XAXjN6MuQX9AiOUMm3tgUbDR8bIXbxvWo8t2t9pCqn8w7stxbIwqoP5xCZe308A0x1Yamq1NVKupQuGC3S0lLBlO5R1bQCwv2CSusnTc4pzXSi7PsRsIQWDetLjJIV9vJrUfv\/F2QV42aR+3Faa1Y3xGw\/t8Om3seWpgzx34zuYvpD0qtFDhclW0q4wPdtxa+2hdmVVmJ7Ztmjvhx0MlOc
94LOcPZT5qmiO87pgY6oYdXCDaFKrElG3N8a\/YgTd1qwGud6eXHqOQST9d3ClmYLAO2jrdiWbfkcBbQT\/D8Z7f2BU0RJGfFVL+7y6yUpuOp60nc2paNbT9mAikx0nJLFSenmlYgnIgN6A8uguuno\/+vAepSfnJ8eXyMmxh39z3338OghQ8NxDxv4TZQq6hFOutHECHCC3xZPTRq1p+3A6HGUV6azmdTrbT95BeDq3UyVtNb7v2MDgz3y3tnYU27bqA0JYFS74DZes4DSs1ZTYGQHLjXlnOWjrqJpC04ohjdLqBic\/sXnleA9KsFgswooZLam6YSrM65Jk4MCQX7OgC0ubxIMVZpBDp2YC17mSh6V7IvBmyesF1dLfe7EIAL9sKotJjaEQo04Ro81a\/CmYzVJldZYtA2NjSrtLP3w="} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655243907401,"flow_last_seen":1655243907406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":483,"midstream":1,"thread_ts_msec":1655243907406,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"sql_injection.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1655243907406} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 5/5 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 2418 bytes +~~ total detected 
protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5869773 bytes +~~ total memory freed........: 5869773 bytes +~~ total allocations/frees...: 118119/118119 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 469 chars +~~ json string max len.......: 2432 chars +~~ json string avg len.......: 1378 chars diff --git a/test/results/ssdp-m-search-ua.pcap.out b/test/results/ssdp-m-search-ua.pcap.out index 3c67d0917..537d7b8a6 100644 --- a/test/results/ssdp-m-search-ua.pcap.out +++ b/test/results/ssdp-m-search-ua.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866101 bytes -~~ total memory freed........: 5866101 bytes -~~ total allocations/frees...: 118090/118090 +~~ total memory allocated....: 5869488 bytes +~~ total memory freed........: 5869488 bytes +~~ total allocations/frees...: 118114/118114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 698 chars diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out index 1807c7725..53de55b35 100644 --- a/test/results/ssdp-m-search.pcap.out +++ b/test/results/ssdp-m-search.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866500 bytes -~~ total memory freed........: 5866500 bytes -~~ total allocations/frees...: 118104/118104 +~~ total memory allocated....: 5869887 bytes +~~ total memory freed........: 5869887 bytes +~~ total allocations/frees...: 118128/118128 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 694 chars 
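Review bot: The new baseline for sql_injection.pcap records only flow_risk "12" ("HTTP Numeric IP Address", severity Low) on both the `detected` and the `idle` event, although the `http.url` it serializes carries a `UNION SELECT` payload in the `id` parameter. As committed, this test keeps passing when no SQL-injection risk is raised for the capture, so it does not guard the detection its file name implies. Whether the bumped libnDPI is expected to flag this URL cannot be told from the hunk; a build option or the double URL-encoding of the parameter may be involved. If the miss is known, say so in the commit message, for example `sql_injection.pcap: no SQL injection flow risk reported, baseline records current output only`, so the golden file is not later read as the intended result.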
diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out index b07b41d6b..6eb456ad3 100644 --- a/test/results/ssh.pcap.out +++ b/test/results/ssh.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875435 bytes -~~ total memory freed........: 5875435 bytes -~~ total allocations/frees...: 118347/118347 +~~ total memory allocated....: 5878822 bytes +~~ total memory freed........: 5878822 bytes +~~ total allocations/frees...: 118371/118371 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out index 28d62dc89..9acd3f0e8 100644 --- a/test/results/ssl-cert-name-mismatch.pcap.out +++ b/test/results/ssl-cert-name-mismatch.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874766 bytes -~~ total memory freed........: 5874766 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 5878153 bytes +~~ total memory freed........: 5878153 bytes +~~ total allocations/frees...: 118138/118138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 478 chars ~~ json string max len.......: 1212 chars diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out index be25fc734..a50c04c1a 100644 --- a/test/results/starcraft_battle.pcap.out +++ b/test/results/starcraft_battle.pcap.out 
@@ -10,7 +10,7 @@ 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1437389953742,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389953742,"pkt":"hCYVPnXEIImEa8W6CABFAABIX18AAIARVpPAqAFkwKgB\/uXCADUANO2f6I8BAAABAAAAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953742,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437389953743,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1437389953743,"pkt":"IImEa8W6hCYVPnXECABFAABcAABAAEARtd7AqAH+wKgBZAA15cIASF7P6I+BgAABAAEAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAAAAgGbmItd2luAA=="} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437389953774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389953774,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389954123,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389954123,"pkt":"IImEa8W6hCYVPnXECABFAAAohUoAAPMGdW9Q77oawKgBZAG7DZT7ZyHlrZYt91AU9s3jwgAAAAAAAAAA"} 
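Review bot: The `risk_score` values in the added lines do not follow the severity printed next to them. Entry "23" here and in the @@ -307,7 hunk ("Suspicious DNS Traffic", High) gets total 760; entry "27" in the @@ -66,7 and @@ -279,7 hunks ("Risky Domain Name", Medium) gets the identical 760/580/180; "16" (High) on those same lines stays at 250; and the Low "HTTP Numeric IP Address" entry in sql_injection.pcap.out gets 500. Two different risks sharing one triple, and a Medium outscoring a High, suggest the score is not computed from the single risk it is attached to, though this is inferred from the output alone because the serializer is not part of this diff. If the value comes from nDPI's `ndpi_risk2score()`, check that the call receives a bitmask for that one risk, not the risk id. Consumers that alert on `risk_score` thresholds would rank these flows wrongly, so the source should be checked before the numbers are frozen into the baselines.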
@@ -66,7 +66,7 @@ 00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1437389964783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1437389964783,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2YAAIARVpXAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1437389964788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_msec":1437389964788,"pkt":"IImEa8W6hCYVPnXECABFAACCAABAAEARtbjAqAH+wKgBZAA16noAbnPyAXaBgAABAAMAAAAABGxsbncIYmxpenphcmQDY29tAAABAAHADAAFAAEAAFQfABcIYmxpenphcmQCdm8FbGxud2QDbmV0AMAvAAEAAQAAATwABFf43f7ALwABAAEAAAE8AARX+N39"} -00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}} 
+01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964790,"flow_last_seen":1437389964790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389964790,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1437389964790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964790,"pkt":"hCYVPnXEIImEa8W6CABFAAA0FwlAAIAG67fAqAFkV\/jd\/g20AFApaAewAAAAAIAC\/\/838QAAAgQFtAEDAwgBAQQC"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1437389964848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964848,"pkt":"IImEa8W6hCYVPnXECABFAAA0tGpAAPUG2VVX+N3+wKgBZABQDbTA0NjuKWgHsYAS\/\/+fJQAAAgQFtAEDAwQEAgAA"} 
@@ -279,7 +279,7 @@ 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -307,7 +307,7 @@ 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} @@ -321,9 +321,9 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5968315 bytes -~~ total memory freed........: 5968315 bytes -~~ total allocations/frees...: 119109/119109 +~~ total memory allocated....: 5971761 bytes +~~ total memory freed........: 5971761 bytes +~~ total allocations/frees...: 119135/119135 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 199 chars ~~ json string max len.......: 1155 chars diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out index 3842e3a53..bab425928 100644 --- a/test/results/steam.pcap.out +++ b/test/results/steam.pcap.out @@ -270,9 +270,9 @@ ~~ total active/idle flows...: 55/55 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5924693 bytes -~~ total memory freed........: 5924693 bytes -~~ total allocations/frees...: 118351/118351 +~~ total memory allocated....: 5928080 bytes +~~ total memory freed........: 5928080 bytes +~~ total allocations/frees...: 118375/118375 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 681 chars diff --git a/test/results/steam_datagram_relay_ping.pcapng.out b/test/results/steam_datagram_relay_ping.pcapng.out index 38ed0737e..62382ce56 100644 --- a/test/results/steam_datagram_relay_ping.pcapng.out +++ b/test/results/steam_datagram_relay_ping.pcapng.out 
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866007 bytes
-~~ total memory freed........: 5866007 bytes
-~~ total allocations/frees...: 118087/118087
+~~ total memory allocated....: 5869394 bytes
+~~ total memory freed........: 5869394 bytes
+~~ total allocations/frees...: 118111/118111
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 483 chars
 ~~ json string max len.......: 2199 chars
diff --git a/test/results/stun_facebook.pcapng.out b/test/results/stun_facebook.pcapng.out
index 0d3c4542c..5cea27413 100644
--- a/test/results/stun_facebook.pcapng.out
+++ b/test/results/stun_facebook.pcapng.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5876332 bytes
-~~ total memory freed........: 5876332 bytes
-~~ total allocations/frees...: 118162/118162
+~~ total memory allocated....: 5879719 bytes
+~~ total memory freed........: 5879719 bytes
+~~ total allocations/frees...: 118186/118186
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 471 chars
 ~~ json string max len.......: 838 chars
diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out
index 6f7023746..f16e92ef1 100644
--- a/test/results/stun_signal.pcapng.out
+++ b/test/results/stun_signal.pcapng.out
@@ -147,9 +147,9 @@
 ~~ total active/idle flows...: 23/23
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5910333 bytes
-~~ total memory freed........: 5910333 bytes
-~~ total allocations/frees...: 118619/118619
+~~ total memory allocated....: 5913720 bytes
+~~ total memory freed........: 5913720 bytes
+~~ total allocations/frees...: 118643/118643
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
 ~~ json string max len.......: 844 chars
diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out
index 275966071..7de3a4467 100644
--- a/test/results/synscan.pcap.out
+++ b/test/results/synscan.pcap.out
@@ -6231,9 +6231,9 @@ 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} +00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} +00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -7996,9 +7996,9 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7981064 bytes -~~ total memory freed........: 7981064 bytes -~~ total allocations/frees...: 126077/126077 +~~ total memory allocated....: 7984451 bytes +~~ total memory freed........: 7984451 bytes +~~ total allocations/frees...: 126101/126101 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 820 chars diff --git a/test/results/syslog.pcap.out b/test/results/syslog.pcap.out index 4a3734350..c0620a17e 100644 --- a/test/results/syslog.pcap.out +++ b/test/results/syslog.pcap.out 
@@ -134,9 +134,9 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5889125 bytes
-~~ total memory freed........: 5889125 bytes
-~~ total allocations/frees...: 118228/118228
+~~ total memory allocated....: 5892512 bytes
+~~ total memory freed........: 5892512 bytes
+~~ total allocations/frees...: 118252/118252
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 181 chars
 ~~ json string max len.......: 2143 chars
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out
index b246a493f..d7fc42705 100644
--- a/test/results/teams.pcap.out
+++ b/test/results/teams.pcap.out
@@ -241,7 +241,7 @@ 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1587041685127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1587041685127,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"} 00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041685127,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1587041685136,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1587041685136,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041685136,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}} 
+00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041685136,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1587041685171,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685171,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
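Review bot: The new expected `detection-update` record for flow 36 pins `"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High", ...}}` on a lookup of `euaz.tr.teams.microsoft.com` that the same record still classifies as `DNS.Teams` with breed `Safe`, and nothing in the event says what triggered the risk. The second teams.pcap.out hunk carries the same risk into the `idle` event for flow 36, and the telegram.pcap.out hunks pin it on `www.googletagservices.com` and `pixel.wp.com`. Presumably this comes from a DNS heuristic in the bumped libnDPI, so the trigger should be confirmed upstream before these results become the regression baseline, because a High-severity risk on routine lookups inflates alert volume for anyone consuming these events. If the behaviour is intended, downstream rules should weigh `risk_score` together with `breed` rather than alert on `severity` alone.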
@@ -524,7 +524,7 @@ 00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": 
{"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} @@ -603,9 +603,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7278709 bytes -~~ total memory freed........: 7278709 bytes -~~ total allocations/frees...: 121571/121571 +~~ total memory allocated....: 7282121 bytes +~~ total memory freed........: 7282121 bytes +~~ total allocations/frees...: 121596/121596 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 184 chars ~~ json string max len.......: 1949 chars diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out index 0e1101603..737c109c8 100644 --- a/test/results/teamspeak3.pcap.out +++ b/test/results/teamspeak3.pcap.out 
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5866326 bytes
-~~ total memory freed........: 5866326 bytes
-~~ total allocations/frees...: 118098/118098
+~~ total memory allocated....: 5869713 bytes
+~~ total memory freed........: 5869713 bytes
+~~ total allocations/frees...: 118122/118122
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 695 chars
diff --git a/test/results/teamviewer.pcap.out b/test/results/teamviewer.pcap.out
index ef7b1f745..ab7a668bb 100644
--- a/test/results/teamviewer.pcap.out
+++ b/test/results/teamviewer.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5904640 bytes
-~~ total memory freed........: 5904640 bytes
-~~ total allocations/frees...: 119387/119387
+~~ total memory allocated....: 5908027 bytes
+~~ total memory freed........: 5908027 bytes
+~~ total allocations/frees...: 119411/119411
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 450 chars
 ~~ json string max len.......: 1050 chars
diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out
index 3ac1c219c..c689efe31 100644
--- a/test/results/telegram.pcap.out
+++ b/test/results/telegram.pcap.out
@@ -121,7 +121,7 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1588779619914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1588779619914,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHqTUAAEARTdLAqAFNwKgBAbgXADUAM25TALgBAAABAAAAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAQ=="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1588779619916,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1588779619916,"pkt":"KDc3AG3IAICPmq69CABFAABXwqhAAEAR9E7AqAEBwKgBTQA1uBcAQ5UvALiBgAABAAEAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAcAMAAEAAQAAAAAABMCoAZ0="} 
-00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} +00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} 
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":435,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1588779617174,"flow_last_seen":1588779621221,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":5232,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1588779621221,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1588779625981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_msec":1588779625981,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/jrEAAEAR6r0AAAAA\/\/\/\/\/wBEAEMBa16\/AQEGAN7JmyKFuQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="} 
@@ -143,7 +143,7 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1588779629044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1588779629044,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6m54AAEARW3bAqAFNwKgBARa0ADUAJpvbsPwBAAABAAAAAAAABXBpeGVsAndwA2NvbQAAAQAB"} 00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1588779629045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1588779629045,"pkt":"KDc3AG3IAICPmq69CABFAABKxbFAAEAR8VLAqAEBwKgBTQA1FrQANpjhsPyBgAABAAEAAAAABXBpeGVsAndwA2NvbQAAAQABwAwAAQABAAAAAAAEwKgBnQ=="} 
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} +00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1588779629079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1588779629079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFpC4AAP8Rk9rAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -227,7 +227,7 @@ 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1588779650681,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1588779650842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779650842,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaJ+EAAAER35rAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1588779652844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779652844,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACajVgAAAEReiPAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": 
{"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
@@ -238,7 +238,7 @@ 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601223,"flow_last_seen":1588779632305,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -285,9 +285,9 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5960016 bytes -~~ total memory freed........: 5960016 bytes -~~ total allocations/frees...: 119796/119796 +~~ total memory allocated....: 5963453 bytes +~~ total memory freed........: 5963453 bytes +~~ total allocations/frees...: 119822/119822 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2278 chars diff --git a/test/results/telnet.pcap.out b/test/results/telnet.pcap.out index ec59b4da5..a3391bc6c 100644 --- a/test/results/telnet.pcap.out +++ b/test/results/telnet.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870665 bytes -~~ total memory freed........: 5870665 bytes -~~ total allocations/frees...: 118178/118178 +~~ total memory allocated....: 5874052 bytes +~~ total memory freed........: 5874052 bytes +~~ total allocations/frees...: 118202/118202 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 810 chars diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out index 4986b3b0f..399a5db73 100644 --- a/test/results/teredo.pcap.out +++ b/test/results/teredo.pcap.out @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870773 bytes -~~ total memory freed........: 5870773 bytes -~~ total allocations/frees...: 118121/118121 +~~ total memory allocated....: 5874160 bytes +~~ total memory freed........: 5874160 bytes +~~ total allocations/frees...: 118145/118145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 687 chars 
diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out index 7fd708163..cdf4f1718 100644 --- a/test/results/tftp.pcap.out +++ b/test/results/tftp.pcap.out @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872061 bytes -~~ total memory freed........: 5872061 bytes -~~ total allocations/frees...: 118198/118198 +~~ total memory allocated....: 5875448 bytes +~~ total memory freed........: 5875448 bytes +~~ total allocations/frees...: 118222/118222 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars ~~ json string max len.......: 1213 chars diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out index 882a24ba5..6bf04c2d5 100644 --- a/test/results/tinc.pcap.out +++ b/test/results/tinc.pcap.out @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5886751 bytes -~~ total memory freed........: 5886751 bytes -~~ total allocations/frees...: 118423/118423 +~~ total memory allocated....: 5890138 bytes +~~ total memory freed........: 5890138 bytes +~~ total allocations/frees...: 118447/118447 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars ~~ json string max len.......: 2397 chars diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out index 00c7369dc..a076d07ba 100644 --- a/test/results/tk.pcap.out +++ b/test/results/tk.pcap.out 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868187 bytes -~~ total memory freed........: 5868187 bytes -~~ total allocations/frees...: 118097/118097 +~~ total memory allocated....: 5871574 bytes +~~ total memory freed........: 5871574 bytes +~~ total allocations/frees...: 118121/118121 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 777 chars diff --git a/test/results/tls-appdata.pcap.out b/test/results/tls-appdata.pcap.out index 3d15b6fe6..413c3a21d 100644 --- a/test/results/tls-appdata.pcap.out +++ b/test/results/tls-appdata.pcap.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5909336 bytes -~~ total memory freed........: 5909336 bytes -~~ total allocations/frees...: 118214/118214 +~~ total memory allocated....: 5912723 bytes +~~ total memory freed........: 5912723 bytes +~~ total allocations/frees...: 118238/118238 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2416 chars diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out index 112b48870..1251cd692 100644 --- a/test/results/tls-esni-fuzzed.pcap.out +++ b/test/results/tls-esni-fuzzed.pcap.out 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875540 bytes -~~ total memory freed........: 5875540 bytes -~~ total allocations/frees...: 118105/118105 +~~ total memory allocated....: 5878927 bytes +~~ total memory freed........: 5878927 bytes +~~ total allocations/frees...: 118129/118129 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 1433 chars diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out index c3368a0fe..e23149ba2 100644 --- a/test/results/tls-rdn-extract.pcap.out +++ b/test/results/tls-rdn-extract.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5907855 bytes -~~ total memory freed........: 5907855 bytes -~~ total allocations/frees...: 118143/118143 +~~ total memory allocated....: 5911242 bytes +~~ total memory freed........: 5911242 bytes +~~ total allocations/frees...: 118167/118167 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 3328 chars diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out index 7acc001da..0a18c6362 100644 --- a/test/results/tls_alert.pcap.out +++ b/test/results/tls_alert.pcap.out 
@@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871650 bytes -~~ total memory freed........: 5871650 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 5875037 bytes +~~ total memory freed........: 5875037 bytes +~~ total allocations/frees...: 118134/118134 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1036 chars diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out index dd00d54b0..d50332b2a 100644 --- a/test/results/tls_certificate_too_long.pcap.out +++ b/test/results/tls_certificate_too_long.pcap.out @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6022321 bytes -~~ total memory freed........: 6022321 bytes -~~ total allocations/frees...: 118628/118628 +~~ total memory allocated....: 6025708 bytes +~~ total memory freed........: 6025708 bytes +~~ total allocations/frees...: 118652/118652 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2445 chars diff --git a/test/results/tls_cipher_lens.pcap.out b/test/results/tls_cipher_lens.pcap.out index a23fee0e6..a703cb603 100644 --- a/test/results/tls_cipher_lens.pcap.out +++ b/test/results/tls_cipher_lens.pcap.out 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880487 bytes -~~ total memory freed........: 5880487 bytes -~~ total allocations/frees...: 118112/118112 +~~ total memory allocated....: 5883874 bytes +~~ total memory freed........: 5883874 bytes +~~ total allocations/frees...: 118136/118136 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 968 chars diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out index e192c1af6..7bfc5ee55 100644 --- a/test/results/tls_esni_sni_both.pcap.out +++ b/test/results/tls_esni_sni_both.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873419 bytes -~~ total memory freed........: 5873419 bytes -~~ total allocations/frees...: 118136/118136 +~~ total memory allocated....: 5876806 bytes +~~ total memory freed........: 5876806 bytes +~~ total allocations/frees...: 118160/118160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 1215 chars diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out index c99b3a69c..fbab5b9e0 100644 --- a/test/results/tls_invalid_reads.pcap.out +++ b/test/results/tls_invalid_reads.pcap.out 
@@ -28,9 +28,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871343 bytes -~~ total memory freed........: 5871343 bytes -~~ total allocations/frees...: 118100/118100 +~~ total memory allocated....: 5874730 bytes +~~ total memory freed........: 5874730 bytes +~~ total allocations/frees...: 118124/118124 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars ~~ json string max len.......: 950 chars diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out index 8807d30d8..d00ac4847 100644 --- a/test/results/tls_long_cert.pcap.out +++ b/test/results/tls_long_cert.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5912065 bytes -~~ total memory freed........: 5912065 bytes -~~ total allocations/frees...: 118329/118329 +~~ total memory allocated....: 5915452 bytes +~~ total memory freed........: 5915452 bytes +~~ total allocations/frees...: 118353/118353 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2434 chars diff --git a/test/results/tls_port_80.pcapng.out b/test/results/tls_port_80.pcapng.out index d943701fc..b8fab26d3 100644 --- a/test/results/tls_port_80.pcapng.out +++ b/test/results/tls_port_80.pcapng.out 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868403 bytes -~~ total memory freed........: 5868403 bytes -~~ total allocations/frees...: 118101/118101 +~~ total memory allocated....: 5871790 bytes +~~ total memory freed........: 5871790 bytes +~~ total allocations/frees...: 118125/118125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1232 chars diff --git a/test/results/tls_torrent.pcapng.out b/test/results/tls_torrent.pcapng.out index 2deffd6ea..1027a768d 100644 --- a/test/results/tls_torrent.pcapng.out +++ b/test/results/tls_torrent.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880686 bytes -~~ total memory freed........: 5880686 bytes -~~ total allocations/frees...: 118101/118101 +~~ total memory allocated....: 5884073 bytes +~~ total memory freed........: 5884073 bytes +~~ total allocations/frees...: 118125/118125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1343 chars diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out index 183e41079..6f5ab46be 100644 --- a/test/results/tls_verylong_certificate.pcap.out +++ b/test/results/tls_verylong_certificate.pcap.out 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6039620 bytes -~~ total memory freed........: 6039620 bytes -~~ total allocations/frees...: 118270/118270 +~~ total memory allocated....: 6043007 bytes +~~ total memory freed........: 6043007 bytes +~~ total allocations/frees...: 118294/118294 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 480 chars ~~ json string max len.......: 3604 chars diff --git a/test/results/toca-boca.pcap.out b/test/results/toca-boca.pcap.out index d71f475f0..1e666a0f4 100644 --- a/test/results/toca-boca.pcap.out +++ b/test/results/toca-boca.pcap.out @@ -111,9 +111,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5888822 bytes -~~ total memory freed........: 5888822 bytes -~~ total allocations/frees...: 118222/118222 +~~ total memory allocated....: 5892209 bytes +~~ total memory freed........: 5892209 bytes +~~ total allocations/frees...: 118246/118246 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2100 chars diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index be1cbd77d..85bec8f3b 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out @@ -362,9 +362,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5998338 bytes -~~ total memory freed........: 5998338 bytes -~~ total allocations/frees...: 121843/121843 +~~ total memory allocated....: 6001725 bytes +~~ total memory freed........: 6001725 bytes +~~ total allocations/frees...: 121867/121867 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 182 chars ~~ json string max len.......: 1405 chars 
diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out index 564b4d980..0e0fc9cc6 100644 --- a/test/results/trickbot.pcap.out +++ b/test/results/trickbot.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868330 bytes -~~ total memory freed........: 5868330 bytes -~~ total allocations/frees...: 118166/118166 +~~ total memory allocated....: 5871717 bytes +~~ total memory freed........: 5871717 bytes +~~ total allocations/frees...: 118190/118190 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1245 chars diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out index e4f071a2e..70c41e9da 100644 --- a/test/results/tumblr.pcap.out +++ b/test/results/tumblr.pcap.out @@ -278,9 +278,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7066761 bytes -~~ total memory freed........: 7066761 bytes -~~ total allocations/frees...: 143059/143059 +~~ total memory allocated....: 7070148 bytes +~~ total memory freed........: 7070148 bytes +~~ total allocations/frees...: 143083/143083 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1395 chars diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out index dc32107f6..d2c90c3cf 100644 --- a/test/results/ubntac2.pcap.out +++ b/test/results/ubntac2.pcap.out 
@@ -41,9 +41,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873405 bytes -~~ total memory freed........: 5873405 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 5876792 bytes +~~ total memory freed........: 5876792 bytes +~~ total allocations/frees...: 118138/118138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 703 chars diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out index 8cf3022f7..a8e9b50a7 100644 --- a/test/results/upnp.pcap.out +++ b/test/results/upnp.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867387 bytes -~~ total memory freed........: 5867387 bytes -~~ total allocations/frees...: 118102/118102 +~~ total memory allocated....: 5870774 bytes +~~ total memory freed........: 5870774 bytes +~~ total allocations/frees...: 118126/118126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1343 chars diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out index 269f2db3d..e5df578d5 100644 --- a/test/results/viber.pcap.out +++ b/test/results/viber.pcap.out @@ -190,9 +190,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6002475 bytes -~~ total memory freed........: 6002475 bytes -~~ total allocations/frees...: 118667/118667 +~~ total memory allocated....: 6005862 bytes +~~ total memory freed........: 6005862 bytes +~~ total allocations/frees...: 118691/118691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2407 chars 
diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out index 1b64a7345..c8119b9fd 100644 --- a/test/results/vnc.pcap.out +++ b/test/results/vnc.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6003076 bytes -~~ total memory freed........: 6003076 bytes -~~ total allocations/frees...: 122643/122643 +~~ total memory allocated....: 6006463 bytes +~~ total memory freed........: 6006463 bytes +~~ total allocations/frees...: 122667/122667 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 935 chars diff --git a/test/results/vrrp3.pcapng.out b/test/results/vrrp3.pcapng.out index 05a63cb9e..f2157edd8 100644 --- a/test/results/vrrp3.pcapng.out +++ b/test/results/vrrp3.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5867271 bytes -~~ total memory freed........: 5867271 bytes -~~ total allocations/frees...: 118098/118098 +~~ total memory allocated....: 5870658 bytes +~~ total memory freed........: 5870658 bytes +~~ total allocations/frees...: 118122/118122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 639 chars diff --git a/test/results/vxlan.pcap.out b/test/results/vxlan.pcap.out index 6a8fea62d..7a66aa05e 100644 --- a/test/results/vxlan.pcap.out +++ b/test/results/vxlan.pcap.out 
@@ -59,9 +59,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877888 bytes -~~ total memory freed........: 5877888 bytes -~~ total allocations/frees...: 118236/118236 +~~ total memory allocated....: 5881275 bytes +~~ total memory freed........: 5881275 bytes +~~ total allocations/frees...: 118260/118260 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2412 chars diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out index 0d74abfbd..661a44f03 100644 --- a/test/results/wa_video.pcap.out +++ b/test/results/wa_video.pcap.out @@ -88,9 +88,9 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5987723 bytes -~~ total memory freed........: 5987723 bytes -~~ total allocations/frees...: 119708/119708 +~~ total memory allocated....: 5991110 bytes +~~ total memory freed........: 5991110 bytes +~~ total allocations/frees...: 119732/119732 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2365 chars diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out index 9e392e4c0..cf32160ac 100644 --- a/test/results/wa_voice.pcap.out +++ b/test/results/wa_voice.pcap.out 
@@ -22,8 +22,7 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455688704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455688704,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455688744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455688744,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455688841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455688841,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"} 
-00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455688704,"flow_last_seen":1561455689011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1561455689011,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1561455689728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1561455689728,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -158,12 +157,12 @@ 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-data-len":128892,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":27,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_msec":1561455743434} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-data-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_msec":1561455743434} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 736/734 ~~ skipped flows.............: 0 @@ -172,9 +171,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6005019 bytes -~~ total memory freed........: 6005019 bytes -~~ total allocations/frees...: 118923/118923 +~~ total memory allocated....: 5937086 bytes +~~ total memory freed........: 5937086 bytes +~~ total allocations/frees...: 118935/118935 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 2425 chars diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out index 048681120..a2273eeb2 100644 --- a/test/results/waze.pcap.out +++ b/test/results/waze.pcap.out @@ -235,9 +235,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5991989 bytes -~~ total memory freed........: 5991989 bytes -~~ total allocations/frees...: 118878/118878 +~~ total memory allocated....: 5995376 bytes +~~ total memory freed........: 5995376 bytes +~~ total allocations/frees...: 118902/118902 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars ~~ json string max len.......: 1348 chars diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out index c814bff01..7535ac538 100644 --- a/test/results/webex.pcap.out +++ b/test/results/webex.pcap.out 
@@ -389,9 +389,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6213020 bytes -~~ total memory freed........: 6213020 bytes -~~ total allocations/frees...: 120121/120121 +~~ total memory allocated....: 6216407 bytes +~~ total memory freed........: 6216407 bytes +~~ total allocations/frees...: 120145/120145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars ~~ json string max len.......: 1859 chars diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out index dad902742..de24ccb18 100644 --- a/test/results/websocket.pcap.out +++ b/test/results/websocket.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868142 bytes -~~ total memory freed........: 5868142 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5871529 bytes +~~ total memory freed........: 5871529 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 689 chars diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out index 73c5f60b5..86cbb250e 100644 --- a/test/results/wechat.pcap.out +++ b/test/results/wechat.pcap.out 
@@ -680,9 +680,9 @@ ~~ total active/idle flows...: 109/109 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6267481 bytes -~~ total memory freed........: 6267481 bytes -~~ total allocations/frees...: 120672/120672 +~~ total memory allocated....: 6270868 bytes +~~ total memory freed........: 6270868 bytes +~~ total allocations/frees...: 120696/120696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars ~~ json string max len.......: 2275 chars diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out index e8a0e75ec..6df111ad1 100644 --- a/test/results/weibo.pcap.out +++ b/test/results/weibo.pcap.out 
@@ -60,7 +60,7 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1463089072333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1463089072333,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1463089072444,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1463089072444,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="} 
-00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
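Review bot: The `risk_score` expected in the new `detection-update` line for flow 15 does not appear to track the severity of the risk it is attached to. Risk 23 "Suspicious DNS Traffic" (High) is recorded as `{"total":760,"client":580,"server":180}`, and the @@ -155 hunk gives risk 27 "Risky Domain Name" (Medium) the identical 760/580/180, while risk 16 "Suspicious DGA Domain name" (High) sits at 250/125/125 in the same object. Two different risks sharing one score, with a Medium entry outscoring a High one, suggests the score is not derived from the single risk being serialized; possibly the numeric risk id is passed where a risk bitmask is expected, though the serializer is not part of this diff and that needs confirming. Downstream consumers may rank or alert on these numbers, so I would verify the computation before freezing it into the expected output, and state the intended contract in the commit message, e.g. `risk_score is emitted per risk entry and derived from that entry's severity`. The same values are also baked into the `idle` events for flows 15 and 21 in the @@ -208 and @@ -234 hunks.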
@@ -155,7 +155,7 @@ 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1463089073759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073759,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1463089073759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073759,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1463089073760,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1463089073760,"pkt":"eJKcD6iOkDVu60UQCABFAACPAABAAEARtqPAqAEBwKgBaQA1xdAAe7w5O9aBgAABAAMAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAHADAAFAAEAAAJYAAcEYWNqc8ATwC8ABQABAAABAAAhBGFjanMGYWxpeXVuA2NvbQNnZHMKYWxpYmFiYWRuc8AawEIAAQABAAAAbAAEKpy4Ew=="} 
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}} +01024{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8np1AAEAG913AqAFpKpy4E8wvAbt9EpT8AAAAAKACchBGkwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -208,7 +208,7 @@ 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
@@ -234,7 +234,7 @@ 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00916{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-data-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":239,"global_ts_msec":1463089073893} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -245,10 +245,10 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5928751 bytes -~~ total memory freed........: 5928751 bytes -~~ total allocations/frees...: 118752/118752 +~~ total memory allocated....: 5932197 bytes +~~ total memory freed........: 5932197 bytes +~~ total allocations/frees...: 118778/118778 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars -~~ json string max len.......: 947 chars -~~ json string avg len.......: 699 chars +~~ json string max len.......: 1029 chars +~~ json string avg len.......: 740 chars 
diff --git a/test/results/whatsapp.pcap.out b/test/results/whatsapp.pcap.out
new file mode 100644
index 000000000..c799410b6
--- /dev/null
+++ b/test/results/whatsapp.pcap.out
@@ -0,0 +1,594 @@ +00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655030801747} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655030801747,"flow_last_seen":1655030801747,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655030801747,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655030801747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655030801747,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ABpAAD8GAijAqAJkszzDMa8EFGbkDT9OAAAAAKAC\/\/\/IawAAAgQFtAQCCArFapnmAAAAAAEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655030801776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655030801776,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ABtAAD8GAi\/AqAJkszzDMa8EFGbkDT9PTyfQe4AQAKy6dAAAAQEICsVqmgM2ROYE"} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655030801861,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655030801861,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ABxAAD8GAirAqAJkszzDMa8EFGbkDT9PTyfQe4AYAKx0zgAAAQEICsVqmlg2ROYERUQAAQ=="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655030801747,"flow_last_seen":1655030801890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1655030801890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1655031983762} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655031983762,"flow_last_seen":1655031983762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655031983762,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1655031983762,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655031983762,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wNRAAD8GQW3AqAJkszzDMZyUFGb3fC5VAAAAAKAC\/\/8sUAAAAgQFtAQCCAo3N9QvAAAAAAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1655031983792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655031983792,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wNVAAD8GQXTAqAJkszzDMZyUFGb3fC5W\/Bdho4AQAIAA5AAAAQEICjc31GXWXSVb"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1655031983812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655031983812,"pkt":"eJS0JASgYDjgxTWgCABFAAA4wNZAAD8GQW\/AqAJkszzDMZyUFGb3fC5W\/Bdho4AYAIC7fwAAAQEICjc31HjWXSVbRUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655031983762,"flow_last_seen":1655031983846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655031983846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655032256845,"flow_last_seen":1655032256845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655032256845,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1655032256845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655032256845,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/WJAAD8GBN\/AqAJkszzDMaUgFGax9BloAAAAAKAC\/\/9G8wAAAgQFtAQCCApGZfxIAAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1655032256875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655032256875,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/WNAAD8GBObAqAJkszzDMaUgFGax9BlpNUwtP4AQAVdnOAAAAQEICkZl\/HKo3wGM"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1655032257086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655032257086,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/WRAAD8GBOHAqAJkszzDMaUgFGax9BlpNUwtP4AYAVchFQAAAQEICkZl\/USo3wGMRUQAAQ=="} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655032256845,"flow_last_seen":1655032257115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655032257115,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-data-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_msec":1655032857220} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655032857220,"flow_last_seen":1655032857220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655032857220,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1655032857220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655032857220,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wH9AAD8GQcLAqAJkszzDMaXEFGbLQu4oAAAAAKAC\/\/8vAgAAAgQFtAQCCApGbyV9AAAAAAEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1655032857250,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655032857250,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wIBAAD8GQcnAqAJkszzDMaXEFGbLQu4pkG\/w9oAQAVfp3wAAAQEICkZvJafXThmp"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1655032857827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655032857827,"pkt":"eJS0JASgYDjgxTWgCABFAAA4wIFAAD8GQcTAqAJkszzDMaXEFGbLQu4pkG\/w9oAYAVeiWAAAAQEICkZvJ93XThmpRUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655032857220,"flow_last_seen":1655032857857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655032857857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1655033482376} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655033482376,"flow_last_seen":1655033482376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655033482376,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1655033482376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655033482376,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gelAAD8GgFjAqAJkszzDMZzyFGaeLx0YAAAAAKAC\/\/83kgAAAgQFtAQCCAo3PDMVAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1655033482414,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655033482414,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gepAAD8GgF\/AqAJkszzDMZzyFGaeLx0Zpn\/BEoAQAIBtAgAAAQEICjc8MzXDJ83z"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1655033482468,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655033482468,"pkt":"eJS0JASgYDjgxTWgCABFAAA4getAAD8GgFrAqAJkszzDMZzyFGaeLx0Zpn\/BEoAYAIAneAAAAQEICjc8M27DJ83zRUQAAQ=="} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033482376,"flow_last_seen":1655033482498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655033482498,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655033797377,"flow_last_seen":1655033797377,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655033797377,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655033797377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655033797377,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nO5AAD8GZVPAqAJkszzDMaaWFGa281iWAAAAAKAC\/\/9\/gAAAAgQFtAQCCApGfX4AAAAAAAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655033797408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655033797408,"pkt":"eJS0JASgYDjgxTWgCABFAAA0nO9AAD8GZVrAqAJkszzDMaaWFGa281iXgu6c24AQAVcrDQAAAQEICkZ9fiWj+b3w"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655033797436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655033797436,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nPBAAD8GZVXAqAJkszzDMaaWFGa281iXgu6c24AYAVfloAAAAQEICkZ9fkCj+b3wRUQAAQ=="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033797377,"flow_last_seen":1655033797468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655033797468,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655033850395,"flow_last_seen":1655033850395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655033850395,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655033850395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655033850395,"pkt":"eJS0JASgYDjgxTWgCABFAAA88ONAAD8GEV7AqAJkszzDMZ0MFGa\/1NfCAAAAAKAC\/\/\/I8wAAAgQFtAQCCAo3PcVIAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655033850502,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655033850502,"pkt":"eJS0JASgYDjgxTWgCABFAAA08ORAAD8GEWXAqAJkszzDMZ0MFGa\/1NfDoiLOPYAQAIA8iQAAAQEICjc9xe1pw9\/f"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1655033850502,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655033850502,"pkt":"eJS0JASgYDjgxTWgCABFAAA48OVAAD8GEWDAqAJkszzDMZ0MFGa\/1NfDoiLOPYAYAID3LAAAAQEICjc9xfhpw9\/fRUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033850395,"flow_last_seen":1655033850680,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655033850680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-data-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1655034332550} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655034332550,"flow_last_seen":1655034332550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655034332550,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655034332550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655034332550,"pkt":"eJS0JASgYDjgxTWgCABFAAA8s3tAAD8GTsbAqAJkszzDMbNsFGaY2PgHAAAAAKAC\/\/+CVAAAAgQFtAQCCArFiW3yAAAAAAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655034332580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655034332580,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s3xAAD8GTs3AqAJkszzDMbNsFGaY2PgILoO694AQAKylowAAAQEICsWJbhFxU6\/V"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1655034332651,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655034332651,"pkt":"eJS0JASgYDjgxTWgCABFAAA4s31AAD8GTsjAqAJkszzDMbNsFGaY2PgILoO694AYAKxgDAAAAQEICsWJbldxU6\/VRUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655034332550,"flow_last_seen":1655034332681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1655034332681,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-data-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1655036863658} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655036863658,"flow_last_seen":1655036863658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655036863658,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1655036863658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655036863658,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VU1AAD8GrPTAqAJkszzDMZ\/6FGZJAAaOAAAAAKAC\/\/\/gngAAAgQFtAQCCAo3avKLAAAAAAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1655036863694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655036863694,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VU5AAD8GrPvAqAJkszzDMZ\/6FGZJAAaPQBkrQIAQAIAuZAAAAQEICjdq8tim3M31"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1655036863777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655036863777,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VU9AAD8GrPbAqAJkszzDMZ\/6FGZJAAaPQBkrQIAYAIDovgAAAQEICjdq8yym3M31RUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655036863658,"flow_last_seen":1655036863823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655036863823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-data-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_msec":1655037784969} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655037784969,"flow_last_seen":1655037784969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655037784969,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1655037784969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655037784969,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eZJAAD8GiK\/AqAJkszzDMaD+FGaPGwMEAAAAAKAC\/\/\/PkAAAAgQFtAQCCAo3eL\/2AAAAAAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1655037785024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655037785024,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eZNAAD8GiLbAqAJkszzDMaD+FGaPGwMFTC+Ch4AQAIA0RwAAAQEICjd4wGKeH1xF"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1655037785072,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655037785072,"pkt":"eJS0JASgYDjgxTWgCABFAAA4eZRAAD8GiLHAqAJkszzDMaD+FGaPGwMFTC+Ch4AYAIDu7QAAAQEICjd4wGqeH1xFRUQAAQ=="} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655037784969,"flow_last_seen":1655037785114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655037785114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655037943346,"flow_last_seen":1655037943346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655037943346,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1655037943346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655037943346,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZIBAAD8GndHAqAJkszzDIb+CFGZJeEW8AAAAAKAC\/\/\/DuQAAAgQFtAQCCApZCY6zAAAAAAEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1655037943378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655037943378,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZIFAAD8GndjAqAJkszzDIb+CFGZJeEW9lbThyYAQAKz4BQAAAQEIClkJjtOTiu6c"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1655037943378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655037943378,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ZIJAAD8GndPAqAJkszzDIb+CFGZJeEW9lbThyYAYAKyyswAAAQEIClkJjtSTiu6cRUQAAQ=="} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655037943346,"flow_last_seen":1655037943383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655037943383,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-data-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1655038737650} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655038737650,"flow_last_seen":1655038737650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655038737650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1655038737650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655038737650,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+jpAAD8GCAfAqAJkszzDMaFIFGaFGhCGAAAAAKAC\/\/9PGwAAAgQFtAQCCAo3gTyYAAAAAAEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1655038737824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655038737824,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+jtAAD8GCA7AqAJkszzDMaFIFGaFGhCH4E9fBoAQAIAQ0gAAAQEICjeBPUjxtjrK"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1655038738001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655038738001,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+jxAAD8GCAnAqAJkszzDMaFIFGaFGhCH4E9fBoAYAIDK4wAAAQEICjeBPeXxtjrKRUQAAQ=="} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655038737650,"flow_last_seen":1655038738036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655038738036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1655030801747,"flow_last_seen":1655030802079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":1537,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1655038738381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-data-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":1655041569928} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655041569928,"flow_last_seen":1655041569928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655041569928,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1655041569928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655041569928,"pkt":"eJS0JASgYDjgxTWgCABFAAA8yNhAAD8GOWnAqAJkszzDMaKKFGb8FC6CAAAAAKAC\/\/\/RUwAAAgQFtAQCCAo3qCQAAAAAAAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1655041569964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655041569964,"pkt":"eJS0JASgYDjgxTWgCABFAAA0yNlAAD8GOXDAqAJkszzDMaKKFGb8FC6DekSzAYAQAIDQKAAAAQEICjeoJCQj994H"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1655041570092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655041570092,"pkt":"eJS0JASgYDjgxTWgCABFAAA4yNpAAD8GOWvAqAJkszzDMaKKFGb8FC6DekSzAYAYAICKaAAAAQEICjeoJJMj994HRUQAAQ=="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655041569928,"flow_last_seen":1655041570160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655041570160,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033797377,"flow_last_seen":1655033797657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655031983762,"flow_last_seen":1655031984056,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033482376,"flow_last_seen":1655033482899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033850395,"flow_last_seen":1655033851037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655032256845,"flow_last_seen":1655032257332,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655032857220,"flow_last_seen":1655032858052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-data-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_msec":1655042688447} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655042688447,"flow_last_seen":1655042688447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655042688447,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1655042688447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655042688447,"pkt":"eJS0JASgYDjgxTWgCABFAAA8k4BAAD8GbsHAqAJkszzDMaNQFGac145xAAAAAKAC\/\/+5KwAAAgQFtAQCCAo3tzqhAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1655042688525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655042688525,"pkt":"eJS0JASgYDjgxTWgCABFAAA0k4FAAD8GbsjAqAJkszzDMaNQFGac145yikooJoAQAIAprAAAAQEICje3OwWKYYCH"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1655042689647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655042689647,"pkt":"eJS0JASgYDjgxTWgCABFAAA4k4JAAD8GbsPAqAJkszzDMaNQFGac145yikooJoAYAIDgCgAAAQEICje3P1WKYYCHRUQAAQ=="} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655042688447,"flow_last_seen":1655042689683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655042689683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655034332550,"flow_last_seen":1655034332854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655042690163,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-data-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_msec":1655043596112} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655043596112,"flow_last_seen":1655043596112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655043596112,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1655043596112,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655043596112,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sPxAAD8GUVXAqAJkszzDIZJqFGboXByKAAAAAKAC\/\/9iMwAAAgQFtAQCCAoEt\/vxAAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1655043596145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655043596145,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sP1AAD8GUVzAqAJkszzDIZJqFGboXByLxoplnYAQAKyC0AAAAQEICgS3\/BKyfC6v"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1655043596145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655043596145,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sP5AAD8GUVfAqAJkszzDIZJqFGboXByLxoplnYAYAKw9fwAAAQEICgS3\/BKyfC6vRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655043596112,"flow_last_seen":1655043596146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655043596146,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-data-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_msec":1655044288744} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655044288744,"flow_last_seen":1655044288744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655044288744,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1655044288744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655044288744,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Rj1AAD8GvBTAqAJkszzDIZLOFGbS4v0+AAAAAKAC\/\/8FAwAAAgQFtAQCCAoEwo14AAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1655044288776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655044288776,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Rj5AAD8GvBvAqAJkszzDIZLOFGbS4v0\/XwbxEoAQAKw+pwAAAQEICgTCjaZrpjiA"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1655044288777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655044288777,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Rj9AAD8GvBbAqAJkszzDIZLOFGbS4v0\/XwbxEoAYAKz5VAAAAQEICgTCjadrpjiARUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655044288744,"flow_last_seen":1655044288777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655044288777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-data-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_msec":1655044965142} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655044965142,"flow_last_seen":1655044965142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655044965142,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1655044965142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655044965142,"pkt":"eJS0JASgYDjgxTWgCABFAAA8At1AAD8G\/2TAqAJkszzDMbK6FGZec+QxAAAAAKAC\/\/+2PgAAAgQFtAQCCApG+geGAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1655044965172,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655044965172,"pkt":"eJS0JASgYDjgxTWgCABFAAA0At5AAD8G\/2vAqAJkszzDMbK6FGZec+QyZebbNIAQAVdZxAAAAQEICkb6B6qVR7NZ"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1655044965191,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655044965191,"pkt":"eJS0JASgYDjgxTWgCABFAAA4At9AAD8G\/2bAqAJkszzDMbK6FGZec+QyZebbNIAYAVcUYAAAAQEICkb6B72VR7NZRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655044965142,"flow_last_seen":1655044965221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655044965221,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655036863658,"flow_last_seen":1655036864020,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655044965409,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-data-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_msec":1655045751925} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655045751925,"flow_last_seen":1655045751925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655045751925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1655045751925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655045751925,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tn9AAD8GS8LAqAJkszzDMbMAFGajVEhsAAAAAKAC\/\/+wTwAAAgQFtAQCCApG\/mQPAAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1655045751957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655045751957,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toBAAD8GS8nAqAJkszzDMbMAFGajVEhtoOKxA4AQAVeXTwAAAQEICkb+ZC\/0vP+i"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1655045751963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655045751963,"pkt":"eJS0JASgYDjgxTWgCABFAAA4toFAAD8GS8TAqAJkszzDMbMAFGajVEhtoOKxA4AYAVdR+QAAAQEICkb+ZDT0vP+iRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655045751925,"flow_last_seen":1655045751993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655045751993,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655037943346,"flow_last_seen":1655037943539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":2513,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1655045752178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655037784969,"flow_last_seen":1655037785423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655045752178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-data-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1655049443230} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655049443230,"flow_last_seen":1655049443230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655049443230,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1655049443230,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655049443230,"pkt":"eJS0JASgYDjgxTWgCABFAAA8KCVAAD8G2hzAqAJkszzDMbVGFGZeo\/3WAAAAAKAC\/\/\/eUwAAAgQFtAQCCApHIcLoAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1655049443263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655049443263,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KCZAAD8G2iPAqAJkszzDMbVGFGZeo\/3XmmmBIoAQAVfWlwAAAQEICkchwwlHYNIU"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1655049443356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655049443356,"pkt":"eJS0JASgYDjgxTWgCABFAAA4KCdAAD8G2h7AqAJkszzDMbVGFGZeo\/3XmmmBIoAYAVeQ6QAAAQEICkchw2ZHYNIURUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655049443230,"flow_last_seen":1655049443389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655049443389,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655038737650,"flow_last_seen":1655038738381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655049443593,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655041569928,"flow_last_seen":1655041570363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655049443593,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-data-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_msec":1655050704430} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655050704430,"flow_last_seen":1655050704430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655050704430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1655050704430,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655050704430,"pkt":"eJS0JASgYDjgxTWgCABFAAA84MFAAD8GJbDAqAJkHw1TMZ0gFGZ02VSkAAAAAKAC\/\/8otQAAAgQFtAQCCAoO3mAcAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1655050704485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655050704485,"pkt":"eJS0JASgYDjgxTWgCABFAAA04MJAAD8GJbfAqAJkHw1TMZ0gFGZ02VSlljrOS4AQAKxhJgAAAQEICg7eYFQ9kVNR"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1655050704506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655050704506,"pkt":"eJS0JASgYDjgxTWgCABFAAA44MNAAD8GJbLAqAJkHw1TMZ0gFGZ02VSlljrOS4AYAKwbyQAAAQEICg7eYGA9kVNRRUQAAQ=="} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655050704430,"flow_last_seen":1655050704560,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655050704560,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655042688447,"flow_last_seen":1655042690163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655050704962,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655051220512,"flow_last_seen":1655051220512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655051220512,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1655051220512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655051220512,"pkt":"eJS0JASgYDjgxTWgCABFAAA8rVBAAD8GVQHAqAJkszzDIbGeFGYTOuPqAAAAAKAC\/\/\/5owAAAgQFtAQCCAoFLFKaAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1655051220546,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655051220546,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rVFAAD8GVQjAqAJkszzDIbGeFGYTOuPr8T6CsoAQAKwtBgAAAQEICgUsUry7e8sg"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1655051220578,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655051220578,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rVJAAD8GVQPAqAJkszzDIbGeFGYTOuPr8T6CsoAYAKznlAAAAQEICgUsUty7e8sgRUQAAQ=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051220512,"flow_last_seen":1655051220578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655051220578,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655043596112,"flow_last_seen":1655043596381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655051220729,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-data-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_msec":1655051492307} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655051492307,"flow_last_seen":1655051492307,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655051492307,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1655051492307,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655051492307,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gfhAAD8GgEnAqAJkszzDMahMFGbuqHaiAAAAAKAC\/\/+qzgAAAgQFtAQCCAo39wnAAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1655051492339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655051492339,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gflAAD8GgFDAqAJkszzDMahMFGbuqHajLwsyzYAQAIACagAAAQEICjf3Cd8Kl2oU"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1655051492356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655051492356,"pkt":"eJS0JASgYDjgxTWgCABFAAA4gfpAAD8GgEvAqAJkszzDMahMFGbuqHajLwsyzYAYAIC9BgAAAQEICjf3CfEKl2oURUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051492307,"flow_last_seen":1655051492493,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655051492493,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655051794002,"flow_last_seen":1655051794002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655051794002,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1655051794002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655051794002,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Ow1AAD8Gx0TAqAJkszzDIbIiFGatOxWzAAAAAKAC\/\/9tHgAAAgQFtAQCCAoFNRLJAAAAAAEDAwk="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1655051794036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655051794036,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Ow5AAD8Gx0vAqAJkszzDIbIiFGatOxW0\/J8dd4AQAKwWfwAAAQEICgU1Eusr+T5\/"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1655051794037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655051794037,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Ow9AAD8Gx0bAqAJkszzDIbIiFGatOxW0\/J8dd4AYAKzRLAAAAQEICgU1Euwr+T5\/RUQAAQ=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051794002,"flow_last_seen":1655051794037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655051794037,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655044288744,"flow_last_seen":1655044288931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655051794206,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":185,"packets-processed":184,"total-skipped-flows":0,"total-l4-data-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_msec":1655052148615} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655052148615,"flow_last_seen":1655052148615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655052148615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1655052148615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655052148615,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kfpAAD8GcEfAqAJkszzDMaiQFGZmurw1AAAAAKAC\/\/+h\/wAAAgQFtAQCCAo3+VSkAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1655052148658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655052148658,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kftAAD8GcE7AqAJkszzDMaiQFGZmurw2KlSpWIAQAIA0yQAAAQEICjf5VPJAoYbY"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1655052148713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655052148713,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kfxAAD8GcEnAqAJkszzDMaiQFGZmurw2KlSpWIAYAIDvQAAAAQEICjf5VSlAoYbYRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052148615,"flow_last_seen":1655052148758,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655052148758,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655052438619,"flow_last_seen":1655052438619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655052438619,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1655052438619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655052438619,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kqtAAD8Gb6bAqAJkszzDIbPaFGZdYrgnAAAAAKAC\/\/9CuwAAAgQFtAQCCAoFPujPAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1655052438652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655052438652,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kqxAAD8Gb63AqAJkszzDIbPaFGZdYrgoyEw0oYAQAKw1RwAAAQEICgU+6PHmsVfE"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1655052438653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655052438653,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kq1AAD8Gb6jAqAJkszzDIbPaFGZdYrgoyEw0oYAYAKzv9AAAAQEICgU+6PLmsVfERUQAAQ=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052438619,"flow_last_seen":1655052438654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655052438654,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655044965142,"flow_last_seen":1655044965409,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655052438807,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_msec":1655052853504} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655052853504,"flow_last_seen":1655052853504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655052853504,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1655052853504,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655052853504,"pkt":"eJS0JASgYDjgxTWgCABFAAA8WWJAAD8GqN\/AqAJkszzDMajGFGY2dfJkAAAAAKAC\/\/87qwAAAgQFtAQCCAo3+7TWAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1655052853586,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655052853586,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWNAAD8GqObAqAJkszzDMajGFGY2dfJl9PmkqoAQAICs4QAAAQEICjf7tS9HlNt1"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1655052853610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655052853610,"pkt":"eJS0JASgYDjgxTWgCABFAAA4WWRAAD8GqOHAqAJkszzDMajGFGY2dfJl9PmkqoAYAIBnfgAAAQEICjf7tUFHlNt1RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052853504,"flow_last_seen":1655052853647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655052853647,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-data-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":168,"global_ts_msec":1655053633670} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655053633670,"flow_last_seen":1655053633670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655053633670,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1655053633670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655053633670,"pkt":"eJS0JASgYDjgxTWgCABFAAA8mVhAAD8GaOnAqAJkszzDMajeFGZP5tJgAAAAAKAC\/\/\/ryAAAAgQFtAQCCAo3\/AszAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1655053633701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655053633701,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVlAAD8GaPDAqAJkszzDMajeFGZP5tJhk8uMoIAQAIDJOAAAAQEICjf8C1OqRoX7"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1655053633708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655053633708,"pkt":"eJS0JASgYDjgxTWgCABFAAA4mVpAAD8GaOvAqAJkszzDMajeFGZP5tJhk8uMoIAYAICD4QAAAQEICjf8C1mqRoX7RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655053633670,"flow_last_seen":1655053633738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655053633738,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655045751925,"flow_last_seen":1655045752178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655053633932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-data-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_msec":1655054457330} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655054457330,"flow_last_seen":1655054457330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655054457330,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1655054457330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655054457330,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VnBAAD8Gq+HAqAJkszzDIbWEFGa\/BmevAAAAAKAC\/\/\/mlQAAAgQFtAQCCAoFUzIKAAAAAAEDAwk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1655054457362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655054457362,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VnFAAD8Gq+jAqAJkszzDIbWEFGa\/Bmewdx424oAQAKySKwAAAQEICgVTMiqQiUPS"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1655054457363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655054457363,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VnJAAD8Gq+PAqAJkszzDIbWEFGa\/Bmewdx424oAYAKxM2QAAAQEICgVTMiuQiUPSRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655054457330,"flow_last_seen":1655054457365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655054457365,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-data-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":181,"global_ts_msec":1655056441533} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655056441533,"flow_last_seen":1655056441533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655056441533,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1655056441533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655056441533,"pkt":"eJS0JASgYDjgxTWgCABFAAA8SQJAAD8GuU\/AqAJkszzDIbkAFGYVt3HxAAAAAKAC\/\/87QgAAAgQFtAQCCAoFcXjRAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1655056441563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655056441563,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SQNAAD8GuVbAqAJkszzDIbkAFGYVt3Hym+tfO4AQAKzuQwAAAQEICgVxePCucNFZ"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1655056441564,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655056441564,"pkt":"eJS0JASgYDjgxTWgCABFAAA4SQRAAD8GuVHAqAJkszzDIbkAFGYVt3Hym+tfO4AYAKyo8gAAAQEICgVxePCucNFZRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655056441533,"flow_last_seen":1655056441565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655056441565,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":233,"packets-processed":232,"total-skipped-flows":0,"total-l4-data-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":187,"global_ts_msec":1655059510580} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655059510580,"flow_last_seen":1655059510580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655059510580,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1655059510580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655059510580,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GcJAAD8G6I\/AqAJkszzDIZuUFGY95P\/EAAAAAKAC\/\/\/fxAAAAgQFtAQCCAoFoDuLAAAAAAEDAwk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1655059510610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655059510610,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GcNAAD8G6JbAqAJkszzDIZuUFGY95P\/FCFqhLIAQAKyMSwAAAQEICgWgO6lMbYt5"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1655059510610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655059510610,"pkt":"eJS0JASgYDjgxTWgCABFAAA4GcRAAD8G6JHAqAJkszzDIZuUFGY95P\/FCFqhLIAYAKxG+gAAAQEICgWgO6lMbYt5RUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655059510580,"flow_last_seen":1655059510611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655059510611,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655051492307,"flow_last_seen":1655051493108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655051220512,"flow_last_seen":1655051220729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655051794002,"flow_last_seen":1655051794206,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655049443230,"flow_last_seen":1655049443593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655050704430,"flow_last_seen":1655050704962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-data-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_msec":1655060495977} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655060495977,"flow_last_seen":1655060495977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655060495977,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1655060495977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655060495977,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YJ5AAD8GobPAqAJkszzDIZysFGYCJGGJAAAAAKAC\/\/+p9wAAAgQFtAQCCAoFq0oxAAAAAAEDAwk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1655060496008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655060496008,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YJ9AAD8GobrAqAJkszzDIZysFGYCJGGK2sw1x4AQAKwONAAAAQEICgWrSlDEovR\/"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1655060496009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655060496009,"pkt":"eJS0JASgYDjgxTWgCABFAAA4YKBAAD8GobXAqAJkszzDIZysFGYCJGGK2sw1x4AYAKzI4QAAAQEICgWrSlHEovR\/RUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655060495977,"flow_last_seen":1655060496009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655060496009,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052148615,"flow_last_seen":1655052148966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052853504,"flow_last_seen":1655052853872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052438619,"flow_last_seen":1655052438807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":250,"packets-processed":249,"total-skipped-flows":0,"total-l4-data-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_msec":1655061657436} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655061657436,"flow_last_seen":1655061657436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655061657436,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1655061657436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655061657436,"pkt":"eJS0JASgYDjgxTWgCABFAAA88nlAAD8GD8jAqAJkszzDMauyFGbsqzKiAAAAAKAC\/\/9iSAAAAgQFtAQCCAo4IpSyAAAAAAEDAwk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1655061657568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655061657568,"pkt":"eJS0JASgYDjgxTWgCABFAAA08npAAD8GD8\/AqAJkszzDMauyFGbsqzKjnK08DIAQAIBE+AAAAQEICjgilXAR0WBF"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1655061657568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655061657568,"pkt":"eJS0JASgYDjgxTWgCABFAAA48ntAAD8GD8rAqAJkszzDMauyFGbsqzKjnK08DIAYAID\/ogAAAQEICjgilXQR0WBFRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655061657436,"flow_last_seen":1655061657706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655061657706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655053633670,"flow_last_seen":1655053633932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655061657966,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655061873005,"flow_last_seen":1655061873005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655061873005,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1655061873005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655061873005,"pkt":"eJS0JASgYDjgxTWgCABFAAA8rKJAAD8GT8rAqAJkHw1dNr\/IFGZDXSW2AAAAAKAC\/\/\/P8AAAAgQFtAQCCAokHtddAAAAAAEDAwk="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1655061873153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655061873153,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rKNAAD8GT9HAqAJkHw1dNr\/IFGZDXSW3fPQug4AQAID6IQAAAQEICiQe1\/I8Thuy"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1655061873186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655061873186,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rKRAAD8GT8zAqAJkHw1dNr\/IFGZDXSW3fPQug4AYAIC0sAAAAQEICiQe2BI8ThuyRUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655061873005,"flow_last_seen":1655061873368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655061873368,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-data-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_msec":1655062569330} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655062569330,"flow_last_seen":1655062569330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655062569330,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1655062569330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655062569330,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MZZAAD8G0KvAqAJkszzDMavKFGbYH58HAAAAAKAC\/\/9yPQAAAgQFtAQCCAo4IyzLAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1655062569374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655062569374,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZdAAD8G0LLAqAJkszzDMavKFGbYH58IMQLbuIAQAIC6CgAAAQEICjgjLRYTN8Yz"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1655062569381,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655062569381,"pkt":"eJS0JASgYDjgxTWgCABFAAA4MZhAAD8G0K3AqAJkszzDMavKFGbYH58IMQLbuIAYAIB0sgAAAQEICjgjLR0TN8YzRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655062569330,"flow_last_seen":1655062569427,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655062569427,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655054457330,"flow_last_seen":1655054457533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655062569674,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":274,"packets-processed":273,"total-skipped-flows":0,"total-l4-data-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":226,"global_ts_msec":1655063661893} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655063661893,"flow_last_seen":1655063661893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655063661893,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1655063661893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655063661893,"pkt":"eJS0JASgYDjgxTWgCABFAAA86plAAD8GF7jAqAJkszzDIaAeFGY4VRBmAAAAAKAC\/\/\/+RwAAAgQFtAQCCAoF0w05AAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1655063661925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655063661925,"pkt":"eJS0JASgYDjgxTWgCABFAAA06ppAAD8GF7\/AqAJkszzDIaAeFGY4VRBnHmH5pIAQAKyJNgAAAQEICgXTDVr1t5VE"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1655063661926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655063661926,"pkt":"eJS0JASgYDjgxTWgCABFAAA46ptAAD8GF7rAqAJkszzDIaAeFGY4VRBnHmH5pIAYAKxD5AAAAQEICgXTDVv1t5VERUQAAQ=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655063661893,"flow_last_seen":1655063661927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655063661927,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-data-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":232,"global_ts_msec":1655064434682} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655064434682,"flow_last_seen":1655064434682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655064434682,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1655064434682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655064434682,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z49AAD8GmrLAqAJkszzDMbDqFGZ3oUxiAAAAAKAC\/\/\/KHwAAAgQFtAQCCArGt\/RXAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1655064434714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655064434714,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5BAAD8GmrnAqAJkszzDMbDqFGZ3oUxjZjrG2IAQAKzrtwAAAQEICsa39HeqpjSg"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1655064434759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655064434759,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Z5FAAD8GmrTAqAJkszzDMbDqFGZ3oUxjZjrG2IAYAKymOQAAAQEICsa39KSqpjSgRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655064434682,"flow_last_seen":1655064434792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655064434792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655056441533,"flow_last_seen":1655056441715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655064435041,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-data-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":239,"global_ts_msec":1655065264797} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655065264797,"flow_last_seen":1655065264797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655065264797,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1655065264797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655065264797,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ttVAAD8GS2zAqAJkszzDMclYFGbchY4CAAAAAKAC\/\/8wGwAAAgQFtAQCCApH\/04jAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1655065264828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655065264828,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ttZAAD8GS3PAqAJkszzDMclYFGbchY4DukzwuYAQAVeNLQAAAQEICkf\/TkbK+lov"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1655065265098,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655065265098,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ttdAAD8GS27AqAJkszzDMclYFGbchY4DukzwuYAYAVdG0gAAAQEICkf\/T1DK+lovRUQAAQ=="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065264797,"flow_last_seen":1655065265128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655065265128,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":297,"total-skipped-flows":0,"total-l4-data-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":245,"global_ts_msec":1655065885451} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655065885451,"flow_last_seen":1655065885451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655065885451,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1655065885451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655065885451,"pkt":"eJS0JASgYDjgxTWgCABFAAA8arBAAD8Gl5HAqAJkszzDMbtMFGZqrJ7gAAAAAKAC\/\/9fsQAAAgQFtAQCCApxKmRoAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1655065885484,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655065885484,"pkt":"eJS0JASgYDjgxTWgCABFAAA0arFAAD8Gl5jAqAJkszzDMbtMFGZqrJ7h+p4p8oAQAIDu2wAAAQEICnEqZIk6KEA5"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1655065885533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655065885533,"pkt":"eJS0JASgYDjgxTWgCABFAAA4arJAAD8Gl5PAqAJkszzDMbtMFGZqrJ7h+p4p8oAYAICpZQAAAQEICnEqZK46KEA5RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065885451,"flow_last_seen":1655065885566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655065885566,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655065885823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655065885823,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ghFAAD8GgDDAqAJkszzDMcoMFGZjsgDIAAAAAKAC\/\/8NZwAAAgQFtAQCCApICHYoAAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655065885823,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ghJAAD8GgDfAqAJkszzDMcoMFGZjsgDJIofjooAQAVdpNQAAAQEICkgIdkmT2Dd0"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655065885823,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ghNAAD8GgDLAqAJkszzDMcoMFGZjsgDJIofjooAYAVcjvgAAAQEICkgIdm+T2Dd0RUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655065885823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-data-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_msec":1655067574156} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655067574156,"flow_last_seen":1655067574156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655067574156,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1655067574156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655067574156,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZktAAD8Gm\/bAqAJkszzDMbEWFGZP\/CSfAAAAAKAC\/\/80aAAAAgQFtAQCCArGuNlKAAAAAAEDAwk="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1655067574187,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655067574187,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZkxAAD8Gm\/3AqAJkszzDMbEWFGZP\/CSg\/FJ4JoAQAKwGCgAAAQEICsa42a+DX2Qy"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1655067574192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655067574192,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Zk1AAD8Gm\/jAqAJkszzDMbEWFGZP\/CSg\/FJ4JoAYAKzAswAAAQEICsa42bSDX2QyRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655067574156,"flow_last_seen":1655067574223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655067574223,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655059510580,"flow_last_seen":1655059510757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655067574418,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655068071917,"flow_last_seen":1655068071917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655068071917,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1655068071917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655068071917,"pkt":"eJS0JASgYDjgxTWgCABFAAA8f0dAAD8GgvrAqAJkszzDMcu4FGbUWpFrAAAAAKAC\/\/9c\/wAAAgQFtAQCCApIKiN2AAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1655068071949,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655068071949,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f0hAAD8GgwHAqAJkszzDMcu4FGbUWpFsCrZXEIAQAVd+jAAAAQEICkgqI5aouQE5"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1655068072089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655068072089,"pkt":"eJS0JASgYDjgxTWgCABFAAA4f0lAAD8GgvzAqAJkszzDMcu4FGbUWpFsCrZXEIAYAVc4rwAAAQEICkgqJCKouQE5RUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068071917,"flow_last_seen":1655068072120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655068072120,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1655060495977,"flow_last_seen":1655060496256,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1317,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1655068072357,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-data-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_msec":1655068204945} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655068204945,"flow_last_seen":1655068204945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655068204945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1655068204945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655068204945,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eR1AAD8GiTTAqAJkszzDIaLAFGY48OrHAAAAAKAC\/\/8oAgAAAgQFtAQCCAoF9wW8AAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1655068204976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655068204976,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eR5AAD8GiTvAqAJkszzDIaLAFGY48OrIWCi8FIAQAKyAowAAAQEICgX3Bdt\/K0Hp"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1655068204977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655068204977,"pkt":"eJS0JASgYDjgxTWgCABFAAA4eR9AAD8GiTbAqAJkszzDIaLAFGY48OrIWCi8FIAYAKw7UQAAAQEICgX3Bdx\/K0HpRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068204945,"flow_last_seen":1655068204978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655068204978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655068672605,"flow_last_seen":1655068672605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655068672605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1655068672605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655068672605,"pkt":"eJS0JASgYDjgxTWgCABFAAA8f7NAAD8Ggo7AqAJkszzDMcxGFGbT7kd7AAAAAKAC\/\/98VAAAAgQFtAQCCApIM03mAAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1655068672638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655068672638,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f7RAAD8GgpXAqAJkszzDMcxGFGbT7kd8DNw8XIAQAVenVgAAAQEICkgzTgfXLOHd"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1655068672650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655068672650,"pkt":"eJS0JASgYDjgxTWgCABFAAA4f7VAAD8GgpDAqAJkszzDMcxGFGbT7kd8DNw8XIAYAVdh+QAAAQEICkgzThPXLOHdRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068672605,"flow_last_seen":1655068672682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655068672682,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":345,"packets-processed":344,"total-skipped-flows":0,"total-l4-data-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":280,"global_ts_msec":1655069476999} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655069476999,"flow_last_seen":1655069476999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655069476999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1655069476999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655069476999,"pkt":"eJS0JASgYDjgxTWgCABFAAA8v0dAAD8GQwrAqAJkszzDIaL6FGZl3G3iAAAAAKAC\/\/\/JXwAAAgQFtAQCCAoF+bQbAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1655069477033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655069477033,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0hAAD8GQxHAqAJkszzDIaL6FGZl3G3jvQquJIAQAKzBYgAAAQEICgX5tE0ysJf9"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1655069477034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655069477034,"pkt":"eJS0JASgYDjgxTWgCABFAAA4v0lAAD8GQwzAqAJkszzDIaL6FGZl3G3jvQquJIAYAKx8DgAAAQEICgX5tFAysJf9RUQAAQ=="} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655069476999,"flow_last_seen":1655069477066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1269,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1655069477066,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655061873005,"flow_last_seen":1655061873914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1655069477452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655061657436,"flow_last_seen":1655061657966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655069477452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-data-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":288,"global_ts_msec":1655071168997} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655071168997,"flow_last_seen":1655071168997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655071168997,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1655071168997,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655071168997,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/oFAAD8GA8DAqAJkszzDMbxqFGaCVc7FAAAAAKAC\/\/8bsQAAAgQFtAQCCApxNV+xAAAAAAEDAwk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1655071169028,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655071169028,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/oJAAD8GA8fAqAJkszzDMbxqFGaCVc7GXkxmWYAQAIBN7gAAAQEICnE1X+Ud8hk1"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1655071169033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655071169033,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/oNAAD8GA8LAqAJkszzDMbxqFGaCVc7GXkxmWYAYAIAImAAAAQEICnE1X+od8hk1RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071168997,"flow_last_seen":1655071169064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655071169064,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655063661893,"flow_last_seen":1655063662083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655071169315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655062569330,"flow_last_seen":1655062569674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655071169315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655071203961,"flow_last_seen":1655071203961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655071203961,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1655071203961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655071203961,"pkt":"eJS0JASgYDjgxTWgCABFAAA8rm1AAD8GU9TAqAJkszzDMdb+FGbxdk6iAAAAAKAC\/\/+sqwAAAgQFtAQCCApIWe4BAAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1655071203990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655071203990,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rm5AAD8GU9vAqAJkszzDMdb+FGbxdk6jUznIyYAQAVd2AQAAAQEICkhZ7h+G1MEa"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1655071203998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655071203998,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rm9AAD8GU9bAqAJkszzDMdb+FGbxdk6jUznIyYAYAVcwqAAAAQEICkhZ7ieG1MEaRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071203961,"flow_last_seen":1655071204028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655071204028,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655071204543,"flow_last_seen":1655071204543,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655071204543,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1655071204543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655071204543,"pkt":"eJS0JASgYDjgxTWgCABFAAA8pS5AAD8GbkLAqAJkHw1GMti0FGbC7URPAAAAAKAC\/\/\/+SAAAAgQFtAQCCAqV4ZcxAAAAAAEDAwg="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1655071204704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655071204704,"pkt":"eJS0JASgYDjgxTWgCABFAAA0pS9AAD8GbknAqAJkHw1GMti0FGbC7URQktIbLIAQAVeaBwAAAQEICpXhl9HVew2N"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1655071204709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655071204709,"pkt":"eJS0JASgYDjgxTWgCABFAAA4pTBAAD8GbkTAqAJkHw1GMti0FGbC7URQktIbLIAYAVdUsQAAAQEICpXhl9bVew2NRUQAAQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071204543,"flow_last_seen":1655071204870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655071204870,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-data-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":306,"global_ts_msec":1655073402411} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655073402411,"flow_last_seen":1655073402411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655073402411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1655073402411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655073402411,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dBJAAD8Gji\/AqAJkszzDMb2aFGahzCxlAAAAAKAC\/\/+a8AAAAgQFtAQCCApxUGIQAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1655073402445,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655073402445,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dBNAAD8GjjbAqAJkszzDMb2aFGahzCxmjLLTN4AQAICpvAAAAQEICnFQYjPQSe8a"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1655073402465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655073402465,"pkt":"eJS0JASgYDjgxTWgCABFAAA4dBRAAD8GjjHAqAJkszzDMb2aFGahzCxmjLLTN4AYAIBkWAAAAQEICnFQYkbQSe8aRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655073402411,"flow_last_seen":1655073402498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655073402498,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655064434682,"flow_last_seen":1655064435041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655065264797,"flow_last_seen":1655065265368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655065885451,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-data-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":316,"global_ts_msec":1655074111508} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655074111508,"flow_last_seen":1655074111508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655074111508,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1655074111508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655074111508,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DYdAAD8G9LrAqAJkszzDMbMaFGYrB92KAAAAAKAC\/\/+Y9QAAAgQFtAQCCAo4NG1HAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1655074111556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655074111556,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DYhAAD8G9MHAqAJkszzDMbMaFGYrB92LuiGK2IAQAIABZwAAAQEICjg0bW5hoB8L"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1655074111565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655074111565,"pkt":"eJS0JASgYDjgxTWgCABFAAA4DYlAAD8G9LzAqAJkszzDMbMaFGYrB92LuiGK2IAYAIC8AwAAAQEICjg0bYBhoB8LRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074111508,"flow_last_seen":1655074111606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655074111606,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655074455881,"flow_last_seen":1655074455881,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655074455881,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1655074455881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655074455881,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sLNAAD8GUZ7AqAJkszzDIaZ+FGbSFVW5AAAAAKAC\/\/\/0VAAAAgQFtAQCCAoGIjFpAAAAAAEDAwk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1655074455913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655074455913,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sLRAAD8GUaXAqAJkszzDIaZ+FGbSFVW6wmRwfoAQAKwXRAAAAQEICgYiMYo6n51\/"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1655074455915,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655074455915,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sLVAAD8GUaDAqAJkszzDIaZ+FGbSFVW6wmRwfoAYAKzR8QAAAQEICgYiMYs6n51\/RUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074455881,"flow_last_seen":1655074455915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655074455915,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655074681295,"flow_last_seen":1655074681295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655074681295,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1655074681295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655074681295,"pkt":"eJS0JASgYDjgxTWgCABFAAA81rZAAD8GK4vAqAJkszzDMeNWFGYDhPITAAAAAKAC\/\/\/bRgAAAgQFtAQCCApIjv1aAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1655074681328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655074681328,"pkt":"eJS0JASgYDjgxTWgCABFAAA01rdAAD8GK5LAqAJkszzDMeNWFGYDhPIU+mPdyoAQAVfaOgAAAQEICkiO\/XvslGmN"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1655074681508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655074681508,"pkt":"eJS0JASgYDjgxTWgCABFAAA41rhAAD8GK43AqAJkszzDMeNWFGYDhPIU+mPdyoAYAVeUNgAAAQEICkiO\/i7slGmNRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074681295,"flow_last_seen":1655074681541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655074681541,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-data-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":332,"global_ts_msec":1655075014427} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655075014427,"flow_last_seen":1655075014427,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655075014427,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1655075014427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655075014427,"pkt":"eJS0JASgYDjgxTWgCABFAAA84Y1AAD8GIMTAqAJkszzDIacsFGb7al66AAAAAKAC\/\/87hQAAAgQFtAQCCAoGKrcsAAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1655075014457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655075014457,"pkt":"eJS0JASgYDjgxTWgCABFAAA04Y5AAD8GIMvAqAJkszzDIacsFGb7al674\/2+D4AQAKzv2QAAAQEICgYqt1ks76qT"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1655075014458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655075014458,"pkt":"eJS0JASgYDjgxTWgCABFAAA44Y9AAD8GIMbAqAJkszzDIacsFGb7al674\/2+D4AYAKyqhgAAAQEICgYqt1ss76qTRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655075014427,"flow_last_seen":1655075014459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655075014459,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655067574156,"flow_last_seen":1655067574418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655075014609,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-data-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":339,"global_ts_msec":1655075686356} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655075686356,"flow_last_seen":1655075686356,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655075686356,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1655075686356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655075686356,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QvtAAD8Gv1bAqAJkszzDIaiQFGbxmYdKAAAAAKAC\/\/\/ajwAAAgQFtAQCCAoGNPf0AAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1655075686389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655075686389,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QvxAAD8Gv13AqAJkszzDIaiQFGbxmYdLWdXXDoAQAKw7swAAAQEICgY0+BVuVC2V"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1655075686390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655075686390,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Qv1AAD8Gv1jAqAJkszzDIaiQFGbxmYdLWdXXDoAYAKz2XwAAAQEICgY0+BduVC2VRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655075686356,"flow_last_seen":1655075686391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655075686391,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068204945,"flow_last_seen":1655068205140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655075686549,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068071917,"flow_last_seen":1655068072357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655075686549,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-data-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":347,"global_ts_msec":1655078415178} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655078415178,"flow_last_seen":1655078415178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655078415178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1655078415178,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655078415178,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CblAAD8G+IjAqAJkszzDMbaMFGYZMLRzAAAAAKAC\/\/8IFAAAAgQFtAQCCArHDabLAAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1655078415208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655078415208,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbpAAD8G+I\/AqAJkszzDMbaMFGYZMLR0Md5NzYAQAKysVQAAAQEICscNpurDrEZZ"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1655078415272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655078415272,"pkt":"eJS0JASgYDjgxTWgCABFAAA4CbtAAD8G+IrAqAJkszzDMbaMFGYZMLR0Md5NzYAYAKxmxQAAAQEICscNpynDrEZZRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078415178,"flow_last_seen":1655078415302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655078415302,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655078417966,"flow_last_seen":1655078417966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655078417966,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1655078417966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655078417966,"pkt":"eJS0JASgYDjgxTWgCABFAAA8aDVAAD8GmgzAqAJkszzDMeYCFGZBxg2JAAAAAKAC\/\/96TQAAAgQFtAQCCApIyAG3AAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1655078418007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655078418007,"pkt":"eJS0JASgYDjgxTWgCABFAAA0aDZAAD8GmhPAqAJkszzDMeYCFGZBxg2KkGSxpoAQAVfcVQAAAQEICkjIAeVbmS2L"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1655078418014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655078418014,"pkt":"eJS0JASgYDjgxTWgCABFAAA4aDdAAD8Gmg7AqAJkszzDMeYCFGZBxg2KkGSxpoAYAVeW\/gAAAQEICkjIAetbmS2LRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078417966,"flow_last_seen":1655078418062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655078418062,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655078418150,"pkt":"eJS0JASgYDjgxTWgCABFAAA86upAAD8GF1fAqAJkszzDMbYGFGbAe04zAAAAAKAC\/\/8ChgAAAgQFtAQCCAo4N\/qqAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655078418150,"pkt":"eJS0JASgYDjgxTWgCABFAAA06utAAD8GF17AqAJkszzDMbYGFGbAe040KCJ2LIAQAIB2bQAAAQEICjg3+s2LqpA6"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655078418150,"pkt":"eJS0JASgYDjgxTWgCABFAAA46uxAAD8GF1nAqAJkszzDMbYGFGbAe040KCJ2LIAYAIAxGAAAAQEICjg3+tGLqpA6RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655069476999,"flow_last_seen":1655069477452,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1269,"flow_tot_l4_payload_len":1317,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068672605,"flow_last_seen":1655068672866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-data-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":365,"global_ts_msec":1655079015860} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655079015860,"flow_last_seen":1655079015860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655079015860,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1655079015860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655079015860,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+71AAD8GBoTAqAJkszzDMbawFGbU0lPTAAAAAKAC\/\/+CegAAAgQFtAQCCArHFtE1AAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1655079015890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655079015890,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+75AAD8GBovAqAJkszzDMbawFGbU0lPU4I1M54AQAKyMuwAAAQEICscW0VNPFaco"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1655079015897,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655079015897,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+79AAD8GBobAqAJkszzDMbawFGbU0lPU4I1M54AYAKxHYwAAAQEICscW0VpPFacoRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655079015860,"flow_last_seen":1655079015927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655079015927,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655071203961,"flow_last_seen":1655071204088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655071204543,"flow_last_seen":1655071205708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655071168997,"flow_last_seen":1655071169315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655079242727,"flow_last_seen":1655079242727,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655079242727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1655079242727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655079242727,"pkt":"eJS0JASgYDjgxTWgCABFAAA81XtAAD8GLNbAqAJkszzDIbBKFGYSKeedAAAAAKAC\/\/8NrgAAAgQFtAQCCAoGazwDAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1655079242758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655079242758,"pkt":"eJS0JASgYDjgxTWgCABFAAA01XxAAD8GLN3AqAJkszzDIbBKFGYSKeee9mtN3YAQAKzI+QAAAQEICgZrPCF7C7NT"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1655079242759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655079242759,"pkt":"eJS0JASgYDjgxTWgCABFAAA41X1AAD8GLNjAqAJkszzDIbBKFGYSKeee9mtN3YAYAKyDpgAAAQEICgZrPCN7C7NTRUQAAQ=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655079242727,"flow_last_seen":1655079242760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655079242760,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-data-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_msec":1655085444940} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655085444940,"flow_last_seen":1655085444940,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655085444940,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1655085444940,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655085444940,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OS9AAD8GyRLAqAJkszzDMeuoFGZwsQ0oAAAAAKAC\/\/8MiAAAAgQFtAQCCApJMzrhAAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1655085444971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655085444971,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OTBAAD8GyRnAqAJkszzDMeuoFGZwsQ0pZQWH8YAQAVeTjwAAAQEICkkzOwA0eITQ"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1655085445085,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655085445085,"pkt":"eJS0JASgYDjgxTWgCABFAAA4OTFAAD8GyRTAqAJkszzDMeuoFGZwsQ0pZQWH8YAYAVdNzAAAAQEICkkzO3I0eITQRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655085444940,"flow_last_seen":1655085445116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655085445116,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074455881,"flow_last_seen":1655074456133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655075014427,"flow_last_seen":1655075014609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655075686356,"flow_last_seen":1655075686549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074111508,"flow_last_seen":1655074111844,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074681295,"flow_last_seen":1655074681757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655073402411,"flow_last_seen":1655073402833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-data-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":391,"global_ts_msec":1655089030478} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655089030478,"flow_last_seen":1655089030478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655089030478,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1655089030478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655089030478,"pkt":"eJS0JASgYDjgxTWgCABFAAA8PU5AAD8GxPPAqAJkszzDMYAeFGbXqdzGAAAAAKAC\/\/+LPgAAAgQFtAQCCApJafDnAAAAAAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1655089030510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655089030510,"pkt":"eJS0JASgYDjgxTWgCABFAAA0PU9AAD8GxPrAqAJkszzDMYAeFGbXqdzHU7KHPoAQAVeFmQAAAQEICklp8QcyIyXX"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1655089030611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655089030611,"pkt":"eJS0JASgYDjgxTWgCABFAAA4PVBAAD8GxPXAqAJkszzDMYAeFGbXqdzHU7KHPoAYAVc\/4gAAAQEICklp8W0yIyXXRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655089030478,"flow_last_seen":1655089030643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655089030643,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655078415178,"flow_last_seen":1655078415507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655079015860,"flow_last_seen":1655079016137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655079242727,"flow_last_seen":1655079242898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655078417966,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-data-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":402,"global_ts_msec":1655090233457} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655090233457,"flow_last_seen":1655090233457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655090233457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1655090233457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655090233457,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YMVAAD8GoXzAqAJkszzDMbfuFGYjjxw1AAAAAKAC\/\/8ccQAAAgQFtAQCCArHvx46AAAAAAEDAwk="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1655090233489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655090233489,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMZAAD8GoYPAqAJkszzDMbfuFGYjjxw2tsj\/nIAQAKzs8QAAAQEICse\/HlqH9x8U"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1655090233571,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655090233571,"pkt":"eJS0JASgYDjgxTWgCABFAAA4YMdAAD8GoX7AqAJkszzDMbfuFGYjjxw2tsj\/nIAYAKynTQAAAQEICse\/Hq2H9x8URUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655090233457,"flow_last_seen":1655090233603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655090233603,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":482,"packets-processed":481,"total-skipped-flows":0,"total-l4-data-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":408,"global_ts_msec":1655091294583} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655091294583,"flow_last_seen":1655091294583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655091294583,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1655091294583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655091294583,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/r9AAD8GA4LAqAJkszzDMcAeFGacobJEAAAAAKAC\/\/\/yvwAAAgQFtAQCCApxiYbPAAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1655091294836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655091294836,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sBAAD8GA4nAqAJkszzDMcAeFGacobJFhNtvm4AQAIBe2QAAAQEICnGJh9AM9r+2"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1655091294836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655091294836,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/sFAAD8GA4TAqAJkszzDMcAeFGacobJFhNtvm4AYAIAZggAAAQEICnGJh9YM9r+2RUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655091294583,"flow_last_seen":1655091294939,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655091294939,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-data-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":414,"global_ts_msec":1655096063383} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655096063383,"flow_last_seen":1655096063383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655096063383,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1655096063383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655096063383,"pkt":"eJS0JASgYDjgxTWgCABFAAA80GdAAD8GMdrAqAJkszzDMcBQFGYzpQPcAAAAAKAC\/\/+30QAAAgQFtAQCCApxjNjtAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1655096063418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655096063418,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GhAAD8GMeHAqAJkszzDMcBQFGYzpQPdMmkwzoAQAIAjpQAAAQEICnGM2RDAwp5N"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1655096063425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655096063425,"pkt":"eJS0JASgYDjgxTWgCABFAAA40GlAAD8GMdzAqAJkszzDMcBQFGYzpQPdMmkwzoAYAIDeTAAAAQEICnGM2RfAwp5NRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655096063383,"flow_last_seen":1655096063459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655096063459,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655085444940,"flow_last_seen":1655085445318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655096063826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-data-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":421,"global_ts_msec":1655097851208} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655097851208,"flow_last_seen":1655097851208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655097851208,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1655097851208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655097851208,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hVJAAD8GfO\/AqAJkszzDMbj2FGbdMghiAAAAAKAC\/\/9ZggAAAgQFtAQCCAo4P8nQAAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1655097851243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655097851243,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVNAAD8GfPbAqAJkszzDMbj2FGbdMghj2gcbf4AQAIDKFgAAAQEICjg\/yfKnyyA1"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1655097851444,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655097851444,"pkt":"eJS0JASgYDjgxTWgCABFAAA4hVRAAD8GfPHAqAJkszzDMbj2FGbdMghj2gcbf4AYAICEGAAAAQEICjg\/yp+nyyA1RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655097851208,"flow_last_seen":1655097851476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655097851476,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655090233457,"flow_last_seen":1655090233805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655097851805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655089030478,"flow_last_seen":1655089030857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655097851805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-data-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":429,"global_ts_msec":1655099328045} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655099328045,"flow_last_seen":1655099328045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655099328045,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1655099328045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655099328045,"pkt":"eJS0JASgYDjgxTWgCABFAAA8L\/pAAD8G0kfAqAJkszzDMcBWFGYVxjf+AAAAAKAC\/\/\/UVQAAAgQFtAQCCApxjaYfAAAAAAEDAwk="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1655099328158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655099328158,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/tAAD8G0k7AqAJkszzDMcBWFGYVxjf\/2SNcwIAQAIBe7wAAAQEICnGNpo+IgeTO"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1655099328163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655099328163,"pkt":"eJS0JASgYDjgxTWgCABFAAA4L\/xAAD8G0knAqAJkszzDMcBWFGYVxjf\/2SNcwIAYAIAZmQAAAQEICnGNppSIgeTORUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655099328045,"flow_last_seen":1655099328197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655099328197,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655091294583,"flow_last_seen":1655091295192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1655099328610,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-data-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":436,"global_ts_msec":1655100445438} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655100445438,"flow_last_seen":1655100445438,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655100445438,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1655100445438,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655100445438,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dbNAAD8GjI7AqAJkszzDMcBiFGbUEWBGAAAAAKAC\/\/9\/mgAAAgQFtAQCCApxjhQ6AAAAAAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1655100445526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655100445526,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbRAAD8GjJXAqAJkszzDMcBiFGbUEWBH1mTBCIAQAIABwwAAAQEICnGOFJasjGe\/"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1655100445560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655100445560,"pkt":"eJS0JASgYDjgxTWgCABFAAA4dbVAAD8GjJDAqAJkszzDMcBiFGbUEWBH1mTBCIAYAIC8UQAAAQEICnGOFLasjGe\/RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655100445438,"flow_last_seen":1655100445594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655100445594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-data-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":442,"global_ts_msec":1655101503188} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655101503188,"flow_last_seen":1655101503188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655101503188,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1655101503188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655101503188,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uEdAAD8GSfrAqAJkszzDMbjAFGZ59kNkAAAAAKAC\/\/+x6gAAAgQFtAQCCArH7AorAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1655101503221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655101503221,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEhAAD8GSgHAqAJkszzDMbjAFGZ59kNlF+8VdoAQAKz2ngAAAQEICsfsCkuDiThP"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1655101503234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655101503234,"pkt":"eJS0JASgYDjgxTWgCABFAAA4uElAAD8GSfzAqAJkszzDMbjAFGZ59kNlF+8VdoAYAKyxQAAAAQEICsfsCliDiThPRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655101503188,"flow_last_seen":1655101503267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655101503267,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":529,"packets-processed":528,"total-skipped-flows":0,"total-l4-data-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":448,"global_ts_msec":1655104186658} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655104186658,"flow_last_seen":1655104186658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655104186658,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1655104186658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655104186658,"pkt":"eJS0JASgYDjgxTWgCABFAAA8z9lAAD8GMmjAqAJkszzDMbscFGbxjY\/TAAAAAKAC\/\/\/9wgAAAgQFtAQCCAo4WoeCAAAAAAEDAwk="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1655104186714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655104186714,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z9pAAD8GMm\/AqAJkszzDMbscFGbxjY\/UkjD8dIAQAIBW5gAAAQEICjhah\/LAS4W5"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1655104186877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655104186877,"pkt":"eJS0JASgYDjgxTWgCABFAAA4z9tAAD8GMmrAqAJkszzDMbscFGbxjY\/UkjD8dIAYAIARCwAAAQEICjhaiHzAS4W5RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655104186658,"flow_last_seen":1655104186938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655104186938,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655096063383,"flow_last_seen":1655096063826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655104187274,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-data-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":455,"global_ts_msec":1655105188559} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655105188559,"flow_last_seen":1655105188559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655105188559,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1655105188559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655105188559,"pkt":"eJS0JASgYDjgxTWgCABFAAA8S7JAAD8Gto\/AqAJkszzDMbnmFGYb9oTUAAAAAKAC\/\/+DSwAAAgQFtAQCCArH\/lQiAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1655105188592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655105188592,"pkt":"eJS0JASgYDjgxTWgCABFAAA0S7NAAD8GtpbAqAJkszzDMbnmFGYb9oTVXDwEToAQAKxqDAAAAQEICsf+VEPB4STE"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1655105188604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655105188604,"pkt":"eJS0JASgYDjgxTWgCABFAAA4S7RAAD8GtpHAqAJkszzDMbnmFGYb9oTVXDwEToAYAKwkrwAAAQEICsf+VE\/B4STERUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105188559,"flow_last_seen":1655105188638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655105188638,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655105755895,"flow_last_seen":1655105755895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655105755895,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1655105755895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655105755895,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kAlAAD8GcjjAqAJkszzDMcEUFGaXC5Z3AAAAAKAC\/\/9ZoAAAAgQFtAQCCAo4cnlzAAAAAAEDAwk="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1655105755961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655105755961,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kApAAD8Gcj\/AqAJkszzDMcEUFGaXC5Z47mWksoAQAIBl6QAAAQEICjhyea4zIlt\/"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1655105755972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655105755972,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kAtAAD8GcjrAqAJkszzDMcEUFGaXC5Z47mWksoAYAIAgbgAAAQEICjhyedgzIlt\/RUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105755895,"flow_last_seen":1655105756007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655105756007,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655097851208,"flow_last_seen":1655097851805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655105756270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":553,"packets-processed":552,"total-skipped-flows":0,"total-l4-data-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":467,"global_ts_msec":1655105790019} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655105790019,"flow_last_seen":1655105790019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655105790019,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1655105790019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655105790019,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DWBAAD8G9OHAqAJkszzDMboSFGb46AYSAAAAAKAC\/\/\/MkwAAAgQFtAQCCArIAKx7AAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1655105790049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655105790049,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWFAAD8G9OjAqAJkszzDMboSFGb46AYTXUqYTIAQAKwfkAAAAQEICsgArJpsf3jg"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1655105790056,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655105790056,"pkt":"eJS0JASgYDjgxTWgCABFAAA4DWJAAD8G9OPAqAJkszzDMboSFGb46AYTXUqYTIAYAKzaNwAAAQEICsgArKFsf3jgRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105790019,"flow_last_seen":1655105790086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655105790086,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-data-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":473,"global_ts_msec":1655108001441} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108001441,"flow_last_seen":1655108001441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108001441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1655108001441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108001441,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CbZAAD8G+IvAqAJkszzDMcHKFGbmPQGiAAAAAKAC\/\/9GsQAAAgQFtAQCCApxlpgrAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1655108001604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108001604,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbdAAD8G+JLAqAJkszzDMcHKFGbmPQGj6JAdY4AQAICr2gAAAQEICnGWmOHkUd4Y"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1655108001607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108001607,"pkt":"eJS0JASgYDjgxTWgCABFAAA4CbhAAD8G+I3AqAJkszzDMcHKFGbmPQGj6JAdY4AYAIBmhgAAAQEICnGWmOTkUd4YRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108001441,"flow_last_seen":1655108001707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655108001707,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655099328045,"flow_last_seen":1655099328610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655108001999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655100445438,"flow_last_seen":1655100445972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655108001999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108385462,"flow_last_seen":1655108385462,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108385462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1655108385462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108385462,"pkt":"eJS0JASgYDjgxTWgCABFAAA831VAAD8GIuzAqAJkszzDMZICFGbERxQMAAAAAKAC\/\/+w2QAAAgQFtAQCCAo4haZoAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1655108385503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108385503,"pkt":"eJS0JASgYDjgxTWgCABFAAA031ZAAD8GIvPAqAJkszzDMZICFGbERxQNeBSrR4AQAIBROQAAAQEICjiFpqKHOOMP"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1655108385507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108385507,"pkt":"eJS0JASgYDjgxTWgCABFAAA431dAAD8GIu7AqAJkszzDMZICFGbERxQNeBSrR4AYAIAL5AAAAQEICjiFpqaHOOMPRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108385462,"flow_last_seen":1655108385546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655108385546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108453657,"flow_last_seen":1655108453657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108453657,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1655108453657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108453657,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GD5AAD8G6gPAqAJkszzDMbp6FGaSP+CCAAAAAKAC\/\/8T9gAAAgQFtAQCCArICfDgAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1655108453690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108453690,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GD9AAD8G6grAqAJkszzDMbp6FGaSP+CDCev7oYAQAKwykAAAAQEICsgJ8QFJX8Bq"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1655108453696,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108453696,"pkt":"eJS0JASgYDjgxTWgCABFAAA4GEBAAD8G6gXAqAJkszzDMbp6FGaSP+CDCev7oYAYAKztOAAAAQEICsgJ8QdJX8BqRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108453657,"flow_last_seen":1655108453728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655108453728,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-data-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":491,"global_ts_msec":1655108977493} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108977493,"flow_last_seen":1655108977493,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108977493,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1655108977493,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108977493,"pkt":"eJS0JASgYDjgxTWgCABFAAA8FDpAAD8G7gfAqAJkszzDMZIcFGYxkZdqAAAAAKAC\/\/+qXQAAAgQFtAQCCAo4hrwhAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1655108977535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108977535,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FDtAAD8G7g7AqAJkszzDMZIcFGYxkZdrFO3l4YAQAIAhNgAAAQEICjiGvEzZk+LX"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1655108977728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108977728,"pkt":"eJS0JASgYDjgxTWgCABFAAA4FDxAAD8G7gnAqAJkszzDMZIcFGYxkZdrFO3l4YAYAIDbJQAAAQEICjiGvQvZk+LXRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108977493,"flow_last_seen":1655108977793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655108977793,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655101503188,"flow_last_seen":1655101503710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655108978075,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":593,"packets-processed":592,"total-skipped-flows":0,"total-l4-data-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":498,"global_ts_msec":1655109656108} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655109656108,"flow_last_seen":1655109656108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655109656108,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1655109656108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655109656108,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kRFAAD8GcTDAqAJkszzDMbqgFGZw+MTeAAAAAKAC\/\/+uLgAAAgQFtAQCCArIDZNpAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1655109656138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655109656138,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRJAAD8GcTfAqAJkszzDMbqgFGZw+MTfqcWd3IAQAKwWxQAAAQEICsgNk4cgPV1+"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1655109656145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655109656145,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kRNAAD8GcTLAqAJkszzDMbqgFGZw+MTfqcWd3IAYAKzRawAAAQEICsgNk48gPV1+RUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655109656108,"flow_last_seen":1655109656174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655109656174,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-data-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":504,"global_ts_msec":1655110961423} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655110961423,"flow_last_seen":1655110961423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655110961423,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1655110961423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655110961423,"pkt":"eJS0JASgYDjgxTWgCABFAAA8fpBAAD8Gg7HAqAJkszzDMZOGFGbaRgeTAAAAAKAC\/\/9KQgAAAgQFtAQCCAo4pQHWAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1655110961452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655110961452,"pkt":"eJS0JASgYDjgxTWgCABFAAA0fpFAAD8Gg7jAqAJkszzDMZOGFGbaRgeUJF2xy4AQAIA9NgAAAQEICjilAfPDMqHR"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1655110962269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655110962269,"pkt":"eJS0JASgYDjgxTWgCABFAAA4fpJAAD8Gg7PAqAJkszzDMZOGFGbaRgeUJF2xy4AYAID0swAAAQEICjilBSTDMqHRRUQAAQ=="} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655110961423,"flow_last_seen":1655110962300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655110962300,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111268965,"flow_last_seen":1655111268965,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111268965,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1655111268965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111268965,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EatAAD8G8JbAqAJkszzDMZMqFGZD+lK5AAAAAKAC\/\/8O2QAAAgQFtAQCCApKc3b0AAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1655111268994,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111268994,"pkt":"eJS0JASgYDjgxTWgCABFAAA0EaxAAD8G8J3AqAJkszzDMZMqFGZD+lK6LP1J\/oAQAVcnzwAAAQEICkpzdxL1CahM"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1655111269269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111269269,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Ea1AAD8G8JjAqAJkszzDMZMqFGZD+lK6LP1J\/oAYAVfhawAAAQEICkpzeCT1CahMRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111268965,"flow_last_seen":1655111269298,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655111269298,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":617,"packets-processed":616,"total-skipped-flows":0,"total-l4-data-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":515,"global_ts_msec":1655111789393} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111789393,"flow_last_seen":1655111789393,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111789393,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1655111789393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111789393,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zPVAAD8GNUzAqAJkszzDMbrCFGZ1lRVTAAAAAKAC\/\/8y6QAAAgQFtAQCCArIErl2AAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1655111789426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111789426,"pkt":"eJS0JASgYDjgxTWgCABFAAA0zPZAAD8GNVPAqAJkszzDMbrCFGZ1lRVUyQX5N4AQAKyN9wAAAQEICsgSuZfNwELk"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1655111789520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111789520,"pkt":"eJS0JASgYDjgxTWgCABFAAA4zPdAAD8GNU7AqAJkszzDMbrCFGZ1lRVUyQX5N4AYAKxISAAAAQEICsgSufXNwELkRUQAAQ=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111789393,"flow_last_seen":1655111789552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655111789552,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655104186658,"flow_last_seen":1655104187274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655111789765,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111826253,"flow_last_seen":1655111826253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111826253,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1655111826253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111826253,"pkt":"eJS0JASgYDjgxTWgCABFAAA8UhNAAD8GsD7AqAJkszzDIbU6FGZjXyJuAAAAAKAC\/\/8VRAAAAgQFtAQCCAoGi6NWAAAAAAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1655111826283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111826283,"pkt":"eJS0JASgYDjgxTWgCABFAAA0UhRAAD8GsEXAqAJkszzDIbU6FGZjXyJv3hHXrIAQAKwMuwAAAQEICgaLo3SOAvK7"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1655111826284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111826284,"pkt":"eJS0JASgYDjgxTWgCABFAAA4UhVAAD8GsEDAqAJkszzDIbU6FGZjXyJv3hHXrIAYAKzHZwAAAQEICgaLo3aOAvK7RUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111826253,"flow_last_seen":1655111826285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655111826285,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111980061,"flow_last_seen":1655111980061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111980061,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1655111980061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111980061,"pkt":"eJS0JASgYDjgxTWgCABFAAA8q99AAD8GVmLAqAJkszzDMZO+FGb1swWwAAAAAKAC\/\/8QqwAAAgQFtAQCCAo4qiGmAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1655111980164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111980164,"pkt":"eJS0JASgYDjgxTWgCABFAAA0q+BAAD8GVmnAqAJkszzDMZO+FGb1swWxsMz8dIAQAICfhAAAAQEICjiqIhkXwNnv"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1655111980338,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111980338,"pkt":"eJS0JASgYDjgxTWgCABFAAA4q+FAAD8GVmTAqAJkszzDMZO+FGb1swWxsMz8dIAYAIBZhQAAAQEICjiqIscXwNnvRUQAAQ=="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111980061,"flow_last_seen":1655111980422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655111980422,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111980926,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111980926,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nTtAAD8GZRbAqAJkszzDIbXwFGY7fhdqAAAAAKAC\/\/9FJAAAAgQFtAQCCAoGjKWkAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111980926,"pkt":"eJS0JASgYDjgxTWgCABFAAA0nTxAAD8GZR3AqAJkszzDIbXwFGY7fhdrAsizuoAQAKw+YAAAAQEICgaMpcT4l4Wb"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111980926,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nT1AAD8GZRjAqAJkszzDIbXwFGY7fhdrAsizuoAYAKz5CQAAAQEICgaMpcn4l4WbRUQAAQ=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655111980926,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":648,"packets-processed":647,"total-skipped-flows":0,"total-l4-data-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":537,"global_ts_msec":1655113084330} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655113084330,"flow_last_seen":1655113084330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655113084330,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1655113084330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655113084330,"pkt":"eJS0JASgYDjgxTWgCABFAAA81OlAAD8GLVjAqAJkszzDMZVaFGZIDGKXAAAAAKAC\/\/9f+wAAAgQFtAQCCAo4tSFvAAAAAAEDAwk="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1655113084383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655113084383,"pkt":"eJS0JASgYDjgxTWgCABFAAA01OpAAD8GLV\/AqAJkszzDMZVaFGZIDGKYqtuzMYAQAID\/YQAAAQEICji1IaRj8syi"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1655113084570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655113084570,"pkt":"eJS0JASgYDjgxTWgCABFAAA41OtAAD8GLVrAqAJkszzDMZVaFGZIDGKYqtuzMYAYAIC5cwAAAQEICji1IkFj8syiRUQAAQ=="} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655113084330,"flow_last_seen":1655113084612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655113084612,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105188559,"flow_last_seen":1655105188835,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655113084909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":656,"packets-processed":655,"total-skipped-flows":0,"total-l4-data-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":544,"global_ts_msec":1655114622076} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655114622076,"flow_last_seen":1655114622076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655114622076,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1655114622076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655114622076,"pkt":"eJS0JASgYDjgxTWgCABFAAA8E3JAAD8G7t\/AqAJkszzDIbi0FGYRoZALAAAAAKAC\/\/83+QAAAgQFtAQCCAoGqmEpAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1655114622106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655114622106,"pkt":"eJS0JASgYDjgxTWgCABFAAA0E3NAAD8G7ubAqAJkszzDIbi0FGYRoZAMgQqHroAQAKz9CwAAAQEICgaqYVZ8b+Op"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1655114622112,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655114622112,"pkt":"eJS0JASgYDjgxTWgCABFAAA4E3RAAD8G7uHAqAJkszzDIbi0FGYRoZAMgQqHroAYAKy3tQAAAQEICgaqYVt8b+OpRUQAAQ=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655114622076,"flow_last_seen":1655114622114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655114622114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105755895,"flow_last_seen":1655105756270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655114622275,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105790019,"flow_last_seen":1655105790289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655114622275,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":664,"packets-processed":663,"total-skipped-flows":0,"total-l4-data-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":552,"global_ts_msec":1655116217773} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655116217773,"flow_last_seen":1655116217773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655116217773,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1655116217773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655116217773,"pkt":"eJS0JASgYDjgxTWgCABFAAA8AehAAD8GAFrAqAJkszzDMZmmFGbbOiylAAAAAKAC\/\/9QjQAAAgQFtAQCCApyEZX4AAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1655116217805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655116217805,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AelAAD8GAGHAqAJkszzDMZmmFGbbOiymFXtouYAQAIBHtQAAAQEICnIRlijWRuJq"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1655116217850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655116217850,"pkt":"eJS0JASgYDjgxTWgCABFAAA4AepAAD8GAFzAqAJkszzDMZmmFGbbOiymFXtouYAYAIACNwAAAQEICnIRllXWRuJqRUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655116217773,"flow_last_seen":1655116217880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655116217880,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108001441,"flow_last_seen":1655108001999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":518,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108385462,"flow_last_seen":1655108385787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108453657,"flow_last_seen":1655108453928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":672,"packets-processed":671,"total-skipped-flows":0,"total-l4-data-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":561,"global_ts_msec":1655116940904} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655116940904,"flow_last_seen":1655116940904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655116940904,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1655116940904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655116940904,"pkt":"eJS0JASgYDjgxTWgCABFAAA890NAAD8GCv7AqAJkszzDMZxGFGZlwIwQAAAAAKAC\/\/9j2AAAAgQFtAQCCApyHJYRAAAAAAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1655116940935,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655116940935,"pkt":"eJS0JASgYDjgxTWgCABFAAA090RAAD8GCwXAqAJkszzDMZxGFGZlwIwR5J7sZYAQAIAZ6gAAAQEICnIclkN2QDC1"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1655116940973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655116940973,"pkt":"eJS0JASgYDjgxTWgCABFAAA490VAAD8GCwDAqAJkszzDMZxGFGZlwIwR5J7sZYAYAIDUcQAAAQEICnIclmp2QDC1RUQAAQ=="} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655116940904,"flow_last_seen":1655116941004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655116941004,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655114622076,"flow_last_seen":1655114622275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655116217773,"flow_last_seen":1655116218131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108977493,"flow_last_seen":1655108978075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655109656108,"flow_last_seen":1655109656661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655111789393,"flow_last_seen":1655111789765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111268965,"flow_last_seen":1655111269503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655110961423,"flow_last_seen":1655110962551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111980061,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655116940904,"flow_last_seen":1655116941291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111826253,"flow_last_seen":1655111826511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655113084330,"flow_last_seen":1655113084909,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":679,"packets-processed":679,"total-skipped-flows":0,"total-l4-data-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":579,"global_ts_msec":1655116941291} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 679/679 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 50635 bytes +~~ total detected protocols..: 86 +~~ total active/idle flows...: 86/86 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6152875 bytes +~~ total memory freed........: 6152875 bytes +~~ total allocations/frees...: 119129/119129 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 464 chars +~~ json string max len.......: 693 chars +~~ json string avg len.......: 578 chars diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out index 76c68232e..a203b6c05 100644 --- a/test/results/whatsapp_login_call.pcap.out +++ b/test/results/whatsapp_login_call.pcap.out 
@@ -354,9 +354,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5989039 bytes -~~ total memory freed........: 5989039 bytes -~~ total allocations/frees...: 119521/119521 +~~ total memory allocated....: 5992426 bytes +~~ total memory freed........: 5992426 bytes +~~ total allocations/frees...: 119545/119545 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 2437 chars diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out index 6c77e8d4e..4286dd085 100644 --- a/test/results/whatsapp_login_chat.pcap.out +++ b/test/results/whatsapp_login_chat.pcap.out @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883046 bytes -~~ total memory freed........: 5883046 bytes -~~ total allocations/frees...: 118205/118205 +~~ total memory allocated....: 5886433 bytes +~~ total memory freed........: 5886433 bytes +~~ total allocations/frees...: 118229/118229 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 2420 chars diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out index 0c31e03de..1b8bd84cd 100644 --- a/test/results/whatsapp_voice_and_message.pcap.out +++ b/test/results/whatsapp_voice_and_message.pcap.out 
@@ -87,9 +87,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5904350 bytes -~~ total memory freed........: 5904350 bytes -~~ total allocations/frees...: 118389/118389 +~~ total memory allocated....: 5907737 bytes +~~ total memory freed........: 5907737 bytes +~~ total allocations/frees...: 118413/118413 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 711 chars diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out index c6ccf2a81..b87938e0d 100644 --- a/test/results/whatsappfiles.pcap.out +++ b/test/results/whatsappfiles.pcap.out @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5895506 bytes -~~ total memory freed........: 5895506 bytes -~~ total allocations/frees...: 118722/118722 +~~ total memory allocated....: 5898893 bytes +~~ total memory freed........: 5898893 bytes +~~ total allocations/frees...: 118746/118746 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1338 chars diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out index 7c0249bf9..796aac094 100644 --- a/test/results/whois.pcapng.out +++ b/test/results/whois.pcapng.out 
@@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878368 bytes -~~ total memory freed........: 5878368 bytes -~~ total allocations/frees...: 118122/118122 +~~ total memory allocated....: 5881755 bytes +~~ total memory freed........: 5881755 bytes +~~ total allocations/frees...: 118146/118146 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 2069 chars diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out index 92cb6c28a..9bf9f514e 100644 --- a/test/results/wireguard.pcap.out +++ b/test/results/wireguard.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5935520 bytes -~~ total memory freed........: 5935520 bytes -~~ total allocations/frees...: 120484/120484 +~~ total memory allocated....: 5938907 bytes +~~ total memory freed........: 5938907 bytes +~~ total allocations/frees...: 120508/120508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 1533 chars diff --git a/test/results/wow.pcap.out b/test/results/wow.pcap.out index 183fc708c..48b166fef 100644 --- a/test/results/wow.pcap.out +++ b/test/results/wow.pcap.out @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879081 bytes -~~ total memory freed........: 5879081 bytes -~~ total allocations/frees...: 118199/118199 +~~ total memory allocated....: 5882468 bytes +~~ total memory freed........: 5882468 bytes +~~ total allocations/frees...: 118223/118223 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 797 chars 
diff --git a/test/results/xdmcp.pcap.out b/test/results/xdmcp.pcap.out index 17a6041e1..cedeafc98 100644 --- a/test/results/xdmcp.pcap.out +++ b/test/results/xdmcp.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866123 bytes -~~ total memory freed........: 5866123 bytes -~~ total allocations/frees...: 118091/118091 +~~ total memory allocated....: 5869510 bytes +~~ total memory freed........: 5869510 bytes +~~ total allocations/frees...: 118115/118115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 694 chars diff --git a/test/results/xiaomi.pcap.out b/test/results/xiaomi.pcap.out index 2a229c0d5..48ae0657b 100644 --- a/test/results/xiaomi.pcap.out +++ b/test/results/xiaomi.pcap.out @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5886291 bytes -~~ total memory freed........: 5886291 bytes -~~ total allocations/frees...: 118169/118169 +~~ total memory allocated....: 5889678 bytes +~~ total memory freed........: 5889678 bytes +~~ total allocations/frees...: 118193/118193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 1126 chars diff --git a/test/results/xss.pcap.out b/test/results/xss.pcap.out new file mode 100644 index 000000000..46ec557fe --- /dev/null +++ b/test/results/xss.pcap.out 
@@ -0,0 +1,30 @@ +00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"xss.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"xss.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655243489609} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243489609,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655243489609,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655243489609,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA8+yJAAEAGt3DAqANtwKgDa9EKAFDSR62xAAAAAKAC+vBHrAAAAgQFtAQCCAqQR5ueAAAAAAEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655243489609,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QpkRtWU0ketsqAS\/og+LAAAAgQFtAQCCAqztRhGkEebngEDAwc="} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243489609,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655243489609,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655243489609,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA8\/4dAAEAGswvAqANtwKgDa9EMAFC3pD0zAAAAAKAC+vDSywAAAgQFtAQCCAqQR5ueAAAAAAEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655243489609,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QwZ0GKdt6Q9NKAS\/oiGuQAAAgQFtAQCCAqztRhGkEebngEDAwc="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655243489614,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0\/4hAAEAGsxLAqANtwKgDa9EMAFC3pD00GdBinoAQAfayEgAAAQEICpBHm6SztRhG"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655243489614,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0+yNAAEAGt3fAqANtwKgDa9EKAFDSR62yZEbVlYAQAfZphQAAAQEICpBHm6SztRhG"} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":608,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1655243489614,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.3.107","url":"192.168.3.107\/DVWA-master\/vulnerabilities\/xss_d\/?default=English%3Cscript%3Ealert(1)%3C\/script%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655243489609,"flow_last_seen":1655243489620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2451,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1655243489620} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 11/11 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 2451 bytes +~~ total detected protocols..: 1 +~~ total 
active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5870935 bytes +~~ total memory freed........: 5870935 bytes +~~ total allocations/frees...: 118128/118128 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 459 chars +~~ json string max len.......: 1059 chars +~~ json string avg len.......: 751 chars diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out index 498aaee85..04e15f919 100644 --- a/test/results/youtube_quic.pcap.out +++ b/test/results/youtube_quic.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876538 bytes -~~ total memory freed........: 5876538 bytes -~~ total allocations/frees...: 118383/118383 +~~ total memory allocated....: 5879925 bytes +~~ total memory freed........: 5879925 bytes +~~ total allocations/frees...: 118407/118407 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 2273 chars diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out index 04d7e4924..b4fa71551 100644 --- a/test/results/youtubeupload.pcap.out +++ b/test/results/youtubeupload.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882394 bytes -~~ total memory freed........: 5882394 bytes -~~ total allocations/frees...: 118249/118249 +~~ total memory allocated....: 5885781 bytes +~~ total memory freed........: 5885781 bytes +~~ total allocations/frees...: 118273/118273 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 2279 chars 
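Review bot: The new expected output `test/results/xss.pcap.out` pins a result with no XSS-related flow risk for flow 1. Its `detected` event carries an `http.url` containing `%3Cscript%3Ealert(1)%3C\/script%3E`, yet `flow_risk` in both the `detected` and the `idle` event lists only `"12": {"risk":"HTTP Numeric IP Address", ...}`. If the bumped libnDPI is meant to flag this URL as a possible XSS attempt (the capture name suggests so, but that is not visible here), this fixture would make the test suite accept the missing detection as correct. It is worth comparing against libnDPI's own expected result for `xss.pcap` before treating this file as the baseline. If the omission is intended, say so in the commit description, e.g. `xss.pcap: URL XSS risk not reported by nDPId at this revision`.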
diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out index 30bd8ffb7..34a7a0ddf 100644 --- a/test/results/z3950.pcapng.out +++ b/test/results/z3950.pcapng.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878337 bytes -~~ total memory freed........: 5878337 bytes -~~ total allocations/frees...: 118123/118123 +~~ total memory allocated....: 5881724 bytes +~~ total memory freed........: 5881724 bytes +~~ total allocations/frees...: 118147/118147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 820 chars diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out index 7a5564b7c..1c24e20af 100644 --- a/test/results/zabbix.pcap.out +++ b/test/results/zabbix.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5866239 bytes -~~ total memory freed........: 5866239 bytes -~~ total allocations/frees...: 118095/118095 +~~ total memory allocated....: 5869626 bytes +~~ total memory freed........: 5869626 bytes +~~ total allocations/frees...: 118119/118119 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 685 chars diff --git a/test/results/zattoo.pcap.out b/test/results/zattoo.pcap.out index 2c7181d63..f21b6ba5b 100644 --- a/test/results/zattoo.pcap.out +++ b/test/results/zattoo.pcap.out 
@@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870317 bytes -~~ total memory freed........: 5870317 bytes -~~ total allocations/frees...: 118129/118129 +~~ total memory allocated....: 5873704 bytes +~~ total memory freed........: 5873704 bytes +~~ total allocations/frees...: 118153/118153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1369 chars diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out index f16079ebb..587d5c1be 100644 --- a/test/results/zcash.pcap.out +++ b/test/results/zcash.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880410 bytes -~~ total memory freed........: 5880410 bytes -~~ total allocations/frees...: 118233/118233 +~~ total memory allocated....: 5883797 bytes +~~ total memory freed........: 5883797 bytes +~~ total allocations/frees...: 118257/118257 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 922 chars diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out index 1f5bdf441..9e51a6937 100644 --- a/test/results/zoom.pcap.out +++ b/test/results/zoom.pcap.out @@ -217,9 +217,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6059032 bytes -~~ total memory freed........: 6059032 bytes -~~ total allocations/frees...: 118963/118963 +~~ total memory allocated....: 6062419 bytes +~~ total memory freed........: 6062419 bytes +~~ total allocations/frees...: 118987/118987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 187 chars ~~ json string max len.......: 2328 chars 
diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out index b3eb69d2b..2a2782cb3 100644 --- a/test/results/zoom2.pcap.out +++ b/test/results/zoom2.pcap.out @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6230603 bytes -~~ total memory freed........: 6230603 bytes -~~ total allocations/frees...: 130084/130084 +~~ total memory allocated....: 6233990 bytes +~~ total memory freed........: 6233990 bytes +~~ total allocations/frees...: 130108/130108 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1367 chars |